The pacm-v8 crate follows semantic versioning. We provide security updates for the latest patch release of the most recent minor version. Older releases may receive fixes at the maintainers' discretion.

If you rely on older releases, consider backporting fixes or upgrading regularly.

Please do not open public issues for security vulnerabilities.

1. Email the maintainers at [email protected] with a detailed description of the issue, proof of concept, and any potential impact.
2. Expect an acknowledgment within 3 business days.
3. We will investigate and provide an initial assessment within 10 business days.
4. Once a fix is available, we will coordinate disclosure and release timing with you.

We prefer English for security disclosures, but we will make a best effort to work with you in another language if needed.

We will not publicly disclose a vulnerability without prior coordination and consent from the reporter unless required by policy or law. Reporters will be credited in release notes unless anonymity is requested.