Security patches are applied to the latest released version of SIB.

Please email vulnerabilities privately to [email protected].

Do not disclose publicly until we confirm and patch the issue. We will acknowledge receipt within 48 hours and provide a fix timeline.

Once fixed, we publish a CVE and release notes describing the impact and mitigation steps.