SafeDose is under active development. Only the latest major release line receives security updates. Older versions are not supported once a new major release is published.

If you discover a security vulnerability in SafeDose:

1. Do not open a public issue.
2. Email: [email protected] (or use your organization’s preferred channel).
3. Include as much detail as possible: affected version, reproduction steps, and potential impact.

• Acknowledgment: Within 72 hours.
• Initial assessment: Within 7 days.
• Status updates: Provided weekly until resolution.
• Resolution: If confirmed, a fix will be prioritized and released in the next patch version. You will be credited unless you request anonymity.
• Decline: If the report is not a security issue, we will explain why.

We encourage responsible disclosure and will work with researchers to coordinate fixes and timelines.