Only the latest version on the main branch is actively supported with security updates.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
If you discover a security vulnerability, please report it responsibly.
Do not open a public issue. Instead, use one of these methods:
- GitHub Security Advisories (preferred): Report a vulnerability through GitHub's private reporting feature.
- Email: Contact the maintainer directly at the email address listed in the repository profile.
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof of concept
- The affected project(s) within the monorepo (caelundas, lexico, lexico-components, infrastructure)
- Any suggested fixes, if available
- Acknowledgment: Within 48 hours of the report
- Assessment: Within 7 days, you will receive an initial assessment of the vulnerability
- Resolution: Critical vulnerabilities will be patched as quickly as possible; non-critical issues will be addressed in the next scheduled release
We follow responsible disclosure. After a fix is released, the vulnerability details may be published in a security advisory. Reporters will be credited unless they prefer to remain anonymous.