The authoritative security policy is maintained at the repository root: SECURITY.md.
Please read that file for:
- Supported versions / release lines
- How to report a vulnerability (private disclosure process)
- Expected response timelines
Direct link:
If you discover a security issue within the documentation site infrastructure (build pipeline, published assets) rather than the application code, you may still use the same private disclosure channel. Please clearly state in your report that the issue concerns the documentation delivery mechanism.