Only the latest release of ADDA Dev Runtime receives security fixes. No backports are provided.

Do not open a public GitHub issue for security vulnerabilities. Instead, use GitHub's private Report a vulnerability feature.

This is a single-author project maintained on a best-effort basis. There is no formal SLA for security response; reports will be reviewed as promptly as possible.

The ADDA Dev Runtime is a containerized development environment. Vulnerabilities in the container runtime itself (Docker), the host operating system, or in third-party tools bundled in the images should be reported to the respective upstream projects.