The latest minor release line is supported for security fixes.
If you discover a security issue:
- Do not open a public issue.
- Send a private report with:
- impact summary
- reproduction steps
- affected version(s)
- suggested remediation (if available)
- Include proof-of-concept data that is safe and sanitized.
- Initial acknowledgment target: 3 business days
- Triage target: 7 business days
- Fix timeline depends on severity and exploitability
This library performs best-effort pattern redaction and is not a full DLP platform. Use defense in depth in production:
- access controls
- data classification
- policy enforcement
- monitoring and incident response