Only the latest release of nexthop receives security updates.

Please do not open a public issue for security vulnerabilities.

Report privately through GitHub's "Report a vulnerability" feature:

1. Go to the Security tab of this repository.
2. Click Report a vulnerability.
3. Provide as much detail as you can: affected version(s), reproduction steps, observed impact, and any suggested mitigation.

You will receive an acknowledgement within 7 days. After triage we will coordinate a fix and disclosure timeline with you privately before any public release.

This project follows coordinated disclosure:

• Reports remain confidential until a fix is released.
• Public disclosure (release notes, advisory, CVE where applicable) is published alongside the patched release.
• Reporter credit is included in the disclosure unless you request otherwise.