We support security updates for all current major versions since 1.x.
We take the security of Unhead seriously. If you believe you've found a security vulnerability, please:
- Email us at harlan@harlanzw.com with details about the vulnerability
- OR submit a security advisory through the GitHub repository (not as a regular issue)
- Include steps to reproduce the vulnerability
- If possible, include impact and recommendations for mitigation
We'll acknowledge receipt of your report promptly and work on addressing the issue.
Please note that we do not consider XSS vulnerabilities when using the innerHTML attribute as security issues, as this is an inherent risk when using this feature.