Security updates will only be provided on top of the master branch.

Please DO NOT report any potential security vulnerability via a public channel (mailing list, github issue, etc.). Instead, create a report via https://github.com/ilbers/isar/security/advisories/new or contact the maintainers by email at security@isar-build.org. Please provide a detailed description of the issue, the steps to reproduce it, the affected versions and, if already available, a proposal for a fix. You should receive a response within 15 business days. If for some reason you do not, please follow up by email to ensure we received your original message.

If we confirm the issue as a vulnerability, we will open a Security Advisory on github and give credits for your report if desired. We follow the coordinated vulnerability disclosure model and will define an appropriate disclosure timeline together with you.