Skip to content

Security: dcastil/tailwind-merge

.github/SECURITY.md

Security Policy

Supported Versions

Security updates are available for the two latest major versions.

In the event of a security vulnerability in tailwind-merge, a patch release with a fix will be made to all affected latest major versions. I.e. if the two latest major versions of tailwind-merge would be v9.3.4 and v8.10.0 and a security vulnerability would get discovered which affected all versions from v6.0.0 to v9.3.4, then at least the releases v9.3.5 and v8.10.1 would be made to fix the security vulnerability.

Reporting a Vulnerability

Please report vulnerabilities privately via GitHub at https://github.com/dcastil/tailwind-merge/security.

In case it is not possible to report a vulnerability via GitHub, you can send me an email to metro_comical_03@icloud.com. However, I might change or disable this email address at any time depending on how much spam I get through it.

You can expect an answer from me within 24 hours most of the time. However, if I'm travelling and don't have good reception, it could take up to a few days. Usually I set my GitHub status to busy when I expect to be unresponsive for more than a day.

There aren’t any published security advisories