Zerp is under active development on main. There are no maintained LTS
branches yet — security fixes land on main and the latest state of each
module repository under the zerp-pk organization.
Please do not report security vulnerabilities through public GitHub issues.
Instead, use GitHub's private vulnerability reporting for this repository:
- Go to the Security tab of this repository.
- Click Report a vulnerability.
- Fill in as much detail as you can: affected module(s), reproduction steps, and potential impact.
If the vulnerability is in one of the feature module repositories (see the
table in README.md), please report it there directly — each
module repo under zerp-pk has the same private reporting option enabled.
We'll acknowledge your report, investigate, and keep you updated as a fix is developed. Please give us reasonable time to address the issue before any public disclosure.