The following versions of @rbac/rbac receive security updates and fixes. Only actively maintained releases will be patched in the event of a confirmed security issue.

• 2.1.x is the current latest release on npm and is actively published. :contentReference[oaicite:1]{index=1}
• 2.0.x is an older release but may receive critical fixes at maintainers’ discretion. :contentReference[oaicite:2]{index=2}
• Versions below 2.0 are no longer maintained and are not eligible for security backports. :contentReference[oaicite:3]{index=3}

We take security issues seriously and encourage responsible disclosure. If you believe you have found a security vulnerability in this project, please follow the process below:

1. Create a GitHub Issue with the security label in the repository:
   https://github.com/phellipeandrade/rbac/issues
2. In the issue, include:
   • A clear description of the issue.
   • Steps to reproduce the issue.
   • Minimal reproduction code if applicable.
   • Affected version(s) (as specified in Supported Versions).

• You will receive an acknowledgement of your report within 5 business days.
• A core maintainer will evaluate the report and may request additional details.
• If the issue is confirmed, the maintainers will:
  • Coordinate a fix.
  • Publish a patched release for supported versions.
  • Update this policy if needed.
• You will be kept informed of progress via the GitHub issue.

Please do not publish or disclose details publicly until a fix is available and communicated by project maintainers.

Security patches for confirmed vulnerabilities will be backported to supported versions when feasible. Unsupported versions will not receive patches.

For security reports and coordination, open an issue with the security label on the repository:
https://github.com/phellipeandrade/rbac/issues