Security: VanL/simplebroker

SECURITY.md

Security Policy

Supported Versions

Security fixes are made against the latest released versions of simplebroker, simplebroker-pg, and simplebroker-redis. Older releases may receive fixes when the fix can be applied without unreasonable release or compatibility risk.

Reporting a Vulnerability

Please do not open a public GitHub issue for a suspected vulnerability. Email Van Lindberg at van.lindberg@gmail.com with enough detail to reproduce or assess the issue, including affected versions, the expected impact, and any proof of concept you can share safely.

You should receive an initial response within 7 days. I aim to confirm the vulnerability impact and disclosure plan within 30 days, depending on severity and reproducibility. Coordinated disclosure is preferred so users can receive a patched release before public details are posted.

Scope

Reports are in scope when they affect confidentiality, integrity, availability, or package supply-chain integrity for the published packages or the release automation in this repository.

General bugs, unsupported usage questions, and feature requests should use normal GitHub issues.

There aren't any published security advisories