Security Policy
May 20, 2026 ยท View on GitHub
Supported Versions
Only the most recent 2.x release line receives security updates. The 1.5.x line is no longer maintained.
| Version | Supported |
|---|---|
| 2.x | Yes |
| 1.x | No |
Reporting a Vulnerability
Please do not open a public GitHub issue for security vulnerabilities.
Report privately via GitHub's Private Vulnerability Reporting form on this repository. This routes the report directly to maintainers without disclosing details publicly.
When reporting, include:
- A description of the issue and its impact.
- Steps to reproduce, or a minimal proof of concept.
- Affected version(s).
- Any suggested mitigation, if you have one.
You will receive an acknowledgement once the report has been reviewed. If the vulnerability is confirmed, a fix will be prepared and a coordinated disclosure date agreed before any public mention.
Scope
This policy covers the published devbridge-autocomplete package and its
source in this repository. It does not cover demo HTML, third-party
dependencies, or applications that consume the plugin.