Security Policy Supported versions Version Supported main ✅ older tags ⚠️ best-effort Reporting a vulnerability Do not open a public issue. Email security@codex-cli.dev with a detailed description, reproduction steps, and any proof-of-concept scripts. Include SECURITY in the subject line so the request is triaged quickly. Expect an acknowledgment within three business days and a full response within ten business days. Preferred disclosures Provide minimal patches or mitigation ideas if you have them. Coordinate public disclosure timing with maintainers so users have a chance to update.