This project is distributed primarily through private VSIX releases. Security fixes are applied to the latest released version.
If you discover a security issue, do not post it publicly first.
Please report it privately with:
- A short description of the issue
- Steps to reproduce
- Impact assessment
- Suggested mitigation (if known)
If no dedicated security inbox is available, contact the maintainer through the same private channel used for receiving the VSIX package.
- Initial acknowledgement target: within 7 days
- Triage and severity assessment target: within 14 days
- Fix/release timing depends on impact and complexity