Kolega Code is currently pre-1.0. Security reports are accepted for the latest main branch and the latest published release. Older prerelease versions are supported only when the issue is still reproducible on main.

Do not open public GitHub issues for suspected vulnerabilities.

Use GitHub private vulnerability reporting from the repository's Security tab. If that is unavailable, contact a maintainer privately and ask for a secure reporting channel before sharing exploit details.

Please include:

• The affected version, commit, or branch.
• The expected and observed behavior.
• Steps to reproduce the issue.
• Any proof of concept, logs, or stack traces.
• The impact you believe the issue has.

Maintainers will triage reports privately and coordinate disclosure after a fix or mitigation is available. Please do not publish details until the maintainers have had a reasonable opportunity to investigate and respond.