We actively patch only the most recent minor release of Tumble Code. Older versions receive fixes at our discretion.

Please report vulnerabilities privately to a maintainer through whichever contact channel Tumble Code publishes once it has one set up, including:

• A short summary of the issue
• Steps to reproduce or a proof of concept
• Any logs, stack traces, or screenshots that might help us understand the problem

We aim to acknowledge reports within a reasonable timeframe and release a fix or mitigation as quickly as the severity warrants. While we work on a resolution, please keep the details private.

Thank you for helping us keep Tumble Code users safe.