mime-types-data Security¶ ↑

LLM-Generated Security Report Policy¶ ↑

Absolutely no security reports will be accepted that have been generated by LLM agents.

Supported Versions¶ ↑

Security reports are accepted for the most recent major release, with a limited window of support after the initial major release.

• Bug reports will be accepted up to three months after release.

• Security reports will be accepted up to six months after release.

All issues raised must be demonstrated on the minimum supported Ruby version.

Reporting a Vulnerability¶ ↑

Report vulnerabilities via the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

Alternatively, create a private vulnerability report with GitHub.