color Security Policy

LLM-Generated Security Report Policy

Absolutely no security reports will be accepted that have been generated by LLM agents.

Supported Versions

Security reports are accepted for the most recent major release and the previous version for a limited time after the initial major release version.

After a major release, the previous version will receive full support for three months and security support for an additional three months (for a total of six months).

Because color 1.x supports a wide range of Ruby versions that are themselves end of life, security reports will only be accepted when they can be demonstrated on Ruby 3.2 or higher.

Version Release Date Support Ends Security Support Ends

1.x 2015-10-26 2025-11-07 2026-02-07

2.x 2025-08-07 - -

Version	Release Date	Support Ends	Security Support Ends
1.x	2015-10-26	2025-11-07	2026-02-07
2.x	2025-08-07	-	-

Prefer creating a private vulnerability report with GitHub. Alternatively, send an email to security@ruby.halostatue.ca with the text Color in the subject. Emails sent to this address should be encrypted using age with the following public key: age with the following public key:

age1fc6ngxmn02m62fej5cl30lrvwmxn4k3q2atqu53aatekmnqfwumqj4g93w

color Security Policy

LLM-Generated Security Report Policy

Supported Versions

Reporting a Vulnerability