Since this repo is deploying a website, there is no release cycle.

static/.well-known/security.txt contains most of the needed information in case you found a vulnerability.

We try to be as fast as possible in fixing these but as we are Non-Profit, any timeline will be casy-by-case.