Only the most recent 2.x release line receives security updates. The 1.5.x line is no longer maintained.

Please do not open a public GitHub issue for security vulnerabilities.

Report privately via GitHub's Private Vulnerability Reporting form on this repository. This routes the report directly to maintainers without disclosing details publicly.

When reporting, include:

• A description of the issue and its impact.
• Steps to reproduce, or a minimal proof of concept.
• Affected version(s).
• Any suggested mitigation, if you have one.

You will receive an acknowledgement once the report has been reviewed. If the vulnerability is confirmed, a fix will be prepared and a coordinated disclosure date agreed before any public mention.

This policy covers the published devbridge-autocomplete package and its source in this repository. It does not cover demo HTML, third-party dependencies, or applications that consume the plugin.