Only the latest version published on Hex receives security updates.

Please report security vulnerabilities privately. Do not open a public issue or pull request for a suspected vulnerability.

Use GitHub's private vulnerability reporting: open a new advisory at https://github.com/lud/aoc/security/advisories/new, or open the Security tab of this repository and click "Report a vulnerability". This opens a private channel visible only to you and the maintainers.

I will do my best to acknowledge your report and to keep you informed while it is investigated. If the report is accepted, a fix will be released and a security advisory published through GitHub Security Advisories.

For non-sensitive questions about this policy itself, feel free to open a regular issue.