The latest released version receives security fixes. Older versions are not maintained.

Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.

Instead, report them privately through GitHub's Private Vulnerability Reporting, or email security@progressplanner.com.

Please include:

• A description of the vulnerability and its impact.
• Steps to reproduce, or a proof of concept.
• Any affected versions you have confirmed.
• Suggested remediation, if you have one.

• We aim to acknowledge your report within 3 business days.
• We will keep you informed as we investigate and work on a fix.
• Once a fix is released, we are happy to credit you in the advisory unless you prefer to remain anonymous.

Thank you for helping keep this project and its users safe.