The latest release on the main branch is supported with security updates.
| Version | Supported |
|---|---|
| Latest | Yes |
Do not open a public issue for security vulnerabilities.
To report a vulnerability, use one of these methods:
- GitHub Security Advisories (preferred) — navigate to the Security tab and click Report a vulnerability.
- Email — send details to leo@leocelis.com.
Please include:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Reports are acknowledged within 3 business days.
- A fix or mitigation plan is communicated within 14 days.
- Public disclosure is coordinated after a fix is available.
This policy covers the IVD framework code, MCP server, and published recipes/templates. Third-party dependencies are managed via Dependabot and updated promptly when advisories are published.
Thank you for helping keep IVD secure.