Please do not open a public GitHub issue for security vulnerabilities.

Email security findings to security@b-treeventures.com. Include:

• A description of the issue and its impact
• Steps to reproduce (a minimal proof-of-concept is ideal)
• The affected project and version
• Your name and affiliation if you'd like public credit

We aim to:

• Acknowledge your report within 3 business days
• Provide a preliminary assessment within 7 business days
• Ship a fix or coordinated disclosure plan within 30 days for high-severity issues

Each project documents its own supported-versions table in its repo. As a default, only the latest minor release line is actively supported.

This policy applies to all repositories under the B-Tree Labs organization.

Researchers acting in good faith will not be pursued legally for testing or reporting vulnerabilities in accordance with this policy. Do not access, modify, or destroy data belonging to others, and do not impair service for other users.