Security fixes are provided for the latest release on master.
Please do not open public issues for security vulnerabilities.
Report privately to: security@entity.io
Include:
- affected version/commit
- impact and exploitability
- reproduction details
- suggested fix (if available)
- Initial acknowledgement: 2 business days
- Triage decision: 5 business days
- Remediation target: based on severity and risk
We follow coordinated disclosure. Public advisories are published after a fix is available or mitigation guidance is ready.