We focus our security fixes on the latest indev branch and the most recent stable release line. Older, end-of-life versions no longer receive patches.

If you discover a security issue in Lithium-Next, please report it privately so we can investigate and release a fix before the details become public.

1. Email the maintainers at [email protected] with the subject line SECURITY.
2. Optionally open a "Security" issue on GitHub marked as private if you have access to GitHub's private vulnerability reporting.
3. Please include the following information:
   • A detailed description of the issue and potential impact.
   • Steps to reproduce or proof-of-concept code.
   • Affected version(s) and environment information.

• We will acknowledge receipt of your report within 3 business days.
• Maintainers will coordinate a fix and keep you updated about progress.
• Once the fix is released, we will publish a security advisory crediting you (unless you prefer to remain anonymous).

Please refrain from publicly disclosing the vulnerability until we have provided a fix and coordinated release notes. We greatly appreciate researchers and community members who help keep Lithium-Next secure.