| Version/Branch | Supported |
|---|---|
master |
Yes |
dev |
Best effort |
| Older branches/tags | No |
Please do not open public issues for security reports.
Use GitHub's private reporting flow:
- Open the repository Security tab.
- Click Report a vulnerability.
- Include reproduction steps, impact, and affected version/branch.
If private reporting is unavailable, contact a maintainer directly and share details privately.
- Initial triage response: within 7 days.
- Status update after validation: within 14 days.
- Fix timeline depends on severity, exploitability, and release risk.
This policy covers the DUMB backend codebase and repository workflows. Related projects (like dmbdb) may have separate policies.