The project is currently maintained under the 1.x release line.
| Version | Supported |
|---|---|
| 1.x | ✅ |
| < 1.0 | ❌ |
Security fixes are applied to the latest supported 1.x release on a best-effort basis.
Please do not open public GitHub issues for security vulnerabilities.
Report suspected vulnerabilities privately by emailing security@ghostcompiler.com with:
- a clear summary of the issue
- affected version(s)
- reproduction steps or a proof of concept
- impact assessment if known
What to expect after reporting:
- Initial acknowledgement target: within 72 hours
- Status update target: within 7 days
- Fix or mitigation timeline: depends on severity and reproducibility
If the report is accepted, we will investigate, prepare a fix, and publish the patch in a supported release. If the report is declined, we will explain why when possible, such as when the behavior is outside the project threat model, unsupported, or not reproducible.
Please avoid disclosing the issue publicly until a fix or mitigation has been released.