Security fixes target the latest tagged release.

Older releases may receive fixes when the change is small and the risk is real. Do not build a survival plan around that sentence.

Report security issues privately through GitHub Security Advisories:

https://github.com/odinns/coding-style/security/advisories/new

Do not open a public issue for a vulnerability.

• The affected version.
• A clear description of the issue.
• Steps to reproduce it.
• The impact if someone exploits it.
• Any suggested fix, if you already have one.

This package is config-only. Most reports will be about unsafe defaults, dependency exposure, or release artifacts rather than runtime vulnerabilities.