diff-lcs Security¶ ↑

LLM-Generated Security Report Policy¶ ↑

Absolutely no security reports will be accepted that have been generated by LLM agents.

Supported Versions¶ ↑

Security reports are accepted for the most recent major release, with a limited window of support after the initial major release.

Bug reports will be accepted up to three months after release.
Security reports will be accepted up to six months after release.

All issues raised must be demonstrated on the minimum supported Ruby version.

[!important]

Because diff-lcs 1 has been the only version for over twenty years, security reports will be accepted for one year after the release of diff-lcs 2.

Version Release Date Support Ends Security Support Ends

1.x 2010 2026-05-01 2027-02-01

2.x 2026-02-01 - -

Version	Release Date	Support Ends	Security Support Ends
1.x	2010	2026-05-01	2027-02-01
2.x	2026-02-01	-	-

Reporting a Vulnerability¶ ↑

Report vulnerabilities via the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

Alternatively, create a private vulnerability report with GitHub.