PySharpe is currently in early development. Only the most recent patch release for each active minor version receives security updates. Older minors and pre-release tags are not maintained.

We strongly encourage responsible disclosure. Please report suspected vulnerabilities through the GitHub Security Advisories form: https://github.com/janusson/PySharpe/security/advisories/new. Security advisories keep reports private until we publish a fix.

When reporting, include the following details when possible:

• a clear description of the issue and its security impact
• steps or proof-of-concept code to reproduce the vulnerability
• any known mitigations or workarounds

We will acknowledge receipt within 3 business days. During investigation, we will keep you updated at least once every 7 days until the issue is resolved or the report is closed. When a vulnerability is confirmed, we will coordinate on disclosure timing and credit.

If you cannot use the advisory form, please contact the maintainers through a direct message on GitHub. Do not open a public issue for security reports.