Security fixes are targeted at the latest released version of Maestro. Older releases may receive fixes when the issue is severe and a safe backport is practical.
Please do not open a public GitHub issue or pull request for a suspected vulnerability.
Use GitHub's private vulnerability reporting / Security Advisory flow for this repository. If that is unavailable, contact the maintainer privately through the contact options on the maintainer's GitHub profile and include only the minimum detail needed to establish a private channel.
A good initial report includes:
- affected version or commit;
- high-level impact;
- WordPress/PHP/browser environment;
- whether authentication or a specific role is required.
Avoid publishing exploit details until a fix is available and coordinated disclosure is agreed.
- Initial acknowledgement target: within 7 days.
- Triage/update target: within 14 days after acknowledgement.
- Fix timing depends on severity, reproducibility, and release risk.