- Security updates target the
mainbranch only; earlier tags and forks are unsupported. - Fixes are delivered on a best-effort basis once an issue is confirmed.
- Do not file public issues for suspected vulnerabilities.
- Submit reports via GitHub's “Report a vulnerability” workflow or email the maintainer listed on the repository profile.
- Include reproduction steps, affected script paths, Illustrator versions, document types, and any suggested mitigations.
- Mark the report as time-sensitive if there is an external disclosure deadline.
- Maintainers will acknowledge valid reports when workload permits and coordinate remediation details and disclosure timing with the reporter.