AsterGraph is currently in public alpha. Security fixes are only guaranteed for:

• the latest code on master
• the latest prerelease tag once prerelease publishing is active

Older historical commits and outdated prerelease tags are not supported deployment targets.

Please do not open a public issue for undisclosed security vulnerabilities.

Use GitHub's private vulnerability reporting flow for this repository:

• open the repository on GitHub
• choose Security
• choose Report a vulnerability

Include:

• affected package(s) or host path
• AsterGraph version/tag or commit
• impact summary
• reproduction details or proof of concept
• any proposed mitigation if you already have one

Maintainers will try to:

• acknowledge the report
• confirm whether the issue is reproducible
• decide whether the fix ships on master, a prerelease tag, or both
• coordinate disclosure once a fix or mitigation is ready

Because the project is still alpha, response times are best-effort rather than SLA-backed.