We support the latest release on the main branch. Security fixes are released as soon as possible. If you are using an older version, please upgrade to the latest release.
Please report security issues responsibly by using GitHub Security Advisories:
- Go to the repository’s “Security” tab.
- Click “Report a vulnerability”.
- Provide a detailed report with steps to reproduce, impact, and any suggested fixes.
You can also open a private advisory using: https://github.com/r6e/ruby-rego/security/advisories/new
We will acknowledge receipt as soon as possible, typically within 5 business days, and will work with you to understand and resolve the issue. We may ask for additional information during triage.
We follow coordinated disclosure. Please do not publicly disclose the issue until we have had a chance to investigate and provide a fix or mitigation.
This policy applies to the code and artifacts in this repository, including the published gem and documentation. Vulnerabilities in third‑party dependencies should be reported to their respective maintainers.