Security fixes are applied to the latest 1.x release line of @oglofus/auth. Older release lines should be considered unsupported unless explicitly noted in a release announcement.

If you believe you have found a security vulnerability in @oglofus/auth, do not open a public GitHub issue.

Please report it privately through GitHub Security Advisories:

• https://github.com/oglofus/auth/security/advisories/new

Include as much detail as you can:

• Affected version(s)
• Impact and attack scenario
• Reproduction steps or proof of concept
• Any suggested mitigation or patch

For non-sensitive bugs, documentation mistakes, or general hardening ideas, use the public issue tracker instead:

• https://github.com/oglofus/auth/issues

Maintainers will review private reports, validate impact, prepare a fix, and coordinate disclosure once remediation is available. Please avoid public disclosure until the issue has been triaged and a fix or mitigation is ready.