Only the latest version of the library is actively supported.

If you've discovered a security issue in zen-core, please disclose it privately and responsibly by emailing us at security@zenprivacy.net.

In your report, please include:

• A description of the issue and how it could be exploited
• Step-by-step instructions to reproduce the issue (if known)
• The date and time you first identified the vulnerability
• A list of affected platforms and versions (e.g., Windows 11, macOS 15)
• Whether the vulnerability is already public or known to third parties (please provide details)
• Your name and affiliation (if you'd like to be credited)
• As much technical detail as possible
• Any additional information that may be helpful

You should receive an initial response within 72 hours. If you don't hear back, please follow up again, or send a notice (important: without any vulnerability details) to a project lead via personal email or a verified social platform.

After you make a report, we will work with you to confirm it and assess its impact. Once we've been able to confirm the issue, we'll work to remediate it. We ask that you keep your report confidential for 90 days after you make it, to give us a chance to remediate the issue and protect our users.

After we've fixed the issue - or after 90 days, whichever comes first - we will publish a summary of the vulnerability and the actions taken. You are then free to publish your own disclosure.