Security updates are provided for the latest main branch until the first stable release line exists.

Report suspected vulnerabilities privately to the SymPress maintainers. Do not open public GitHub issues for security-sensitive reports.

Include:

• affected package and version or commit
• reproduction steps
• expected impact
• any relevant logs or proof of concept

This repository runs Composer audit, npm audit, CodeQL, Dependabot, and reusable SymPress QA workflows. Keep lockfiles committed and review dependency update pull requests regularly.