tempoll is currently pre-1.0. Security fixes are applied to the current main branch.

Please use GitHub Private Vulnerability Reporting / Security Advisories for this repository.

• Do not disclose vulnerabilities in public issues or pull requests.
• Include clear reproduction steps, impact, and affected versions/commits.
• Include suggested mitigations if available.

• Initial acknowledgment target: within 72 hours.
• Triage and severity classification target: within 7 days.
• Fix and release timeline depends on impact and complexity.

We will coordinate disclosure timing with the reporter whenever possible.