LiTHePlan only releases from the default main branch. Security fixes are applied to main and deployed to production as soon as the patch is validated. Older snapshots, tags, or forks are not maintained by the project team.

If you discover a security issue, please help us keep LiTHePlan safe for students and advisors:

• Email the maintainers at [email protected] with the details of the vulnerability, the impact, and reproduction steps.
• Alternatively, submit a private security advisory via GitHub at https://github.com/Berkay2002/LiTHePlan/security/advisories/new.
• Do not open public issues for vulnerabilities. We will acknowledge receipt within two business days.

1. Triage the report, confirm the impact, and assign a severity within five business days.
2. Develop and verify a fix in a private branch. Tests, linting, and manual verification are required before release.
3. Coordinate disclosure with the reporter. By default, we publish a summary in the changelog or release notes after the patch is deployed.
4. Credit the reporter if they desire recognition and the issue qualifies.

Thank you for helping us keep LiTHePlan secure for its users.