The Fibonsai team and community take security bugs in Fibonsai projects seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.

The Fibonsai team will send a response indicating the next steps in handling your report. After the initial reply to your report, we will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Report security bugs in third-party modules to the person or team maintaining the module.

• Security SLA: Fibonsai does not provide a formal SLA for security issues under the Apache 2.0 License.
• Release Schedule: Releases prioritize new functionality and include fixes for known security vulnerabilities at the time of release. Fibonsai does not guarantee a fixed release schedule.
• Version Support: Security patches are only provided for the latest release version.