| Version | Supported |
|---|---|
| main (latest commit) | Yes |
| Active release branch | Yes |
| Older branches | No |
Please report security issues responsibly.
- Prefer GitHub private vulnerability reporting (Security tab -> Report a vulnerability) when available.
- Include affected area, impact, and clear reproduction steps.
- Include environment details, dependency versions, and any temporary mitigation.
- Do not disclose exploit details in public issues before a fix is shipped.
If private reporting is unavailable, open a public issue with minimal non-sensitive details and request a private follow-up channel.
- Initial triage: within 3 business days
- Status update: within 7 business days
- Resolution timeline: depends on severity and complexity
Reports are especially valuable for:
- docs rendering and MDX processing paths
- API routes related to docs data and search
- metadata, sitemap, and robots generation
- dependency and build pipeline risks
After a fix is available, maintainers may publish a coordinated disclosure note that includes:
- affected versions
- fix commit or release reference
- upgrade guidance