Please do not open a public issue for security vulnerabilities.

Use GitHub's private vulnerability reporting to report security issues. This ensures the report is only visible to project maintainers until a fix is available.

Only the latest released version of ForgeMap receives security updates.

This security policy covers the ForgeMap NuGet package (which bundles the generator and abstractions).

ForgeMap is a community-maintained open-source project. Security reports are handled on a best-effort basis. There is no SLA, but maintainers will acknowledge reports as quickly as possible.