Security Policy
Supported Versions
Pair v3 is the current stable release line. Pair v4 is in alpha on main and receives security fixes while the next major release is under development.
| Version | Supported |
|---|---|
main / 4.x-dev |
Development security fixes only |
3.x |
Yes |
< 3.0 |
No |
Reporting a Vulnerability
Do not report security vulnerabilities in public GitHub issues.
Report suspected vulnerabilities through GitHub private vulnerability reporting when available, or contact the maintainer privately through the project owner profile. Include:
- affected Pair version or branch
- a minimal reproduction or clear attack path
- expected impact
- any known workaround
The maintainer will confirm receipt, assess the report, and coordinate a fix or advisory when the issue is accepted.