Only the latest released version receives security updates.

Do not open a public GitHub issue for security vulnerabilities.

Instead, please report vulnerabilities privately via GitHub Security Advisories.

Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We aim to acknowledge reports within 48 hours and provide a fix or mitigation plan within 7 days for confirmed vulnerabilities.

This policy covers the Rudel platform:

• API server (apps/api)
• CLI tool (apps/cli, published as rudel on npm)
• Web application (apps/web)