Security updates are provided for the latest published major version of Terrain, covering both the Go CLI (terrain) and the JavaScript converter package.

If you believe you found a security issue, report it privately:

• Open a private GitHub security advisory if available for this repository.
• If private advisories are unavailable, open a regular issue without exploit details and request a secure contact channel.

Please include:

• A clear description of the issue and impact
• Reproduction steps or proof-of-concept input
• Affected version(s)
• Any suggested mitigation

• We aim to acknowledge reports within 3 business days.
• We aim to provide an initial triage within 7 business days.
• Confirmed vulnerabilities will be patched and released as quickly as possible.

Please avoid public disclosure until a fix is available and maintainers confirm coordinated disclosure timing.