Security: bhaskarjha-dev/gitsetu

Security Policy

Supported Versions

Currently, only the latest main branch and the latest official release are receiving security updates.

Version Supported
>= 1.0.0
< 1.0.0

Reporting a Vulnerability

Security is the absolute highest priority for GitSetu. Because GitSetu is an identity-bootstrapping and credential-management tool, we treat all security flaws as critical emergencies.

DO NOT report security vulnerabilities through public GitHub issues.

Please report all security vulnerabilities privately to the maintainers via email or through the GitHub Security Advisory private reporting feature (if enabled).

What to include in your report:

  • A description of the vulnerability.
  • Steps to reproduce the issue (including OS, Bash version, and environment details).
  • Any potential impact on users (e.g., token leakage, SSH key exposure, privilege escalation).

Response SLA

Maintainers will actively acknowledge your report within 48 hours, and you will receive regular updates on our progress towards a fix. We will work with you to responsibly disclose the vulnerability once a patch has been shipped.
