Security updates are applied to the latest release only.

If you find a vulnerability in fromager, please report it using GitHub's vulnerability reporting under the Security and quality tab (see GitHub documentation for more information).

Please do not report security vulnerabilities through public GitHub issues.

In addition to the description of the vulnerability, if possible please include a short reproducer, a proposed severity rating, and other classifying metadata such as a CWE ID or a CVSS score.

We follow a coordinated disclosure process. We ask that you give us a reasonable amount of time to address the vulnerability before making any public disclosure.