Security Policy
Supported Versions
Security fixes are applied to the current major release line. Older majors receive fixes only for critical vulnerabilities at the maintainer's discretion.
| Version | Supported |
|---|---|
| 5.x | :white_check_mark: |
| < 5.0 | :x: |
Reporting a Vulnerability
Please report suspected vulnerabilities privately by email to security@neurosynq.net. Do not open a public GitHub issue for security reports.
Include as much of the following as you can:
- A description of the issue and its impact
- Affected version(s) of
parse-stack-next - Steps to reproduce, or a minimal proof-of-concept
- Any suggested remediation
You can expect an initial acknowledgement within 5 business days. Once the report is triaged, the maintainer will share a remediation plan and target timeline. Accepted vulnerabilities will be fixed in a coordinated release and credited in the changelog unless you request otherwise. Reports that fall outside the project's threat model will be declined with an explanation.