We provide security fixes for the latest published release on the 0.6.x line. Older versions may not receive patches — please upgrade to the latest release.

Please do not report security vulnerabilities through public GitHub issues.

Instead, report them privately via one of the following:

• GitHub's private vulnerability reporting (preferred), or
• Email dog830228@gmail.com with the subject line SECURITY: pg-walstream.

Please include:

• A description of the vulnerability and its impact.
• Steps to reproduce or a proof of concept.
• The affected version(s) and connection backend (libpq or rustls-tls).

• We aim to acknowledge your report within 72 hours.
• We will work with you to understand and validate the issue.
• Once a fix is ready, we will publish a new release and credit you in the advisory (unless you prefer to remain anonymous).

Thank you for helping keep pg_walstream and its users safe.