Only the latest release is supported with security updates.

Please report security vulnerabilities privately. Do not open a public issue.

Email: me@refringe.com

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will acknowledge your report within 48 hours and work with you to understand and address the issue.

This policy covers the Anchor LFS server and its first-party dependencies.