How dnsplane handles threats, trust boundaries, and common risks is summarized in docs/ASSURANCE_CASE.md.

The current main branch receives fixes until an LTS release is published.

Sensitive reports: Email earentir@gmail.com with enough detail to reproduce or assess the issue (version, affected component, impact). Follow coordinated vulnerability disclosure practices.

Already public: If a vulnerability is already discussed in public (CVE, blog, issue elsewhere), email the same address so the project can track fixes, releases, and release notes.

Non-sensitive bugs: For ordinary defects that are not security-sensitive, open a GitHub issue.