Security updates are applied to the latest version of KeyframeCSS only.

Older versions may not receive security fixes.

If you discover a security vulnerability, please do NOT open a public issue.

Instead, report it via:

• GitHub Security Advisories (preferred)
• GitHub Issues (only if it is not a sensitive security problem)

For sensitive issues (e.g. privacy-related or potential abuse vectors), please report privately.

After reporting a vulnerability:

• We will acknowledge the report
• Investigate the issue
• Provide a fix or mitigation if required
• Coordinate disclosure timing if applicable

Security concerns include:

• Exploitable CSS injection patterns
• Unexpected DOM manipulation risks
• Browser-specific crash or freeze cases
• Any behavior that could compromise user privacy or safety

The following are not considered security issues:

• Styling bugs
• Minor visual inconsistencies
• Non-exploitable rendering issues