To report a security concern about vid2llm, open a private security advisory at:
https://github.com/leozitogs/vid2llm/security/advisories/new
Do not open public issues for security reports.
- Initial acknowledgment within 7 days.
- Status update within 30 days.
This policy covers the vid2llm source code only. For issues in third-party dependencies, contact the respective project maintainers. Reports about dependencies are welcome as informational notices.
Reports are handled through coordinated disclosure. Public reports containing sensitive details will be closed and moved to a private channel.
During the pre-1.0 phase, only the latest minor release receives patches. After 1.0, the latest two minor releases are supported.