Only the most recent minor release line receives security fixes.

Please do not open a public GitHub issue for security reports.

Use GitHub's private vulnerability disclosure form:

• Open a private Security Advisory: https://github.com/afx-team/hebb-mind/security/advisories/new

The form lets you describe the issue, attach a proof of concept, and propose a patch. Only the maintainers can see the report until an advisory is published.

We aim to acknowledge new reports within 7 days and will keep you posted in the advisory thread until a fix ships. Once a patch is released we publish a GitHub Security Advisory, request a CVE if applicable, and credit the reporter unless you ask to remain anonymous.

If you cannot use the GitHub form, open a regular issue titled security: contact request (no details) and a maintainer will reach out privately.