This plugin is designed to be used from trusted environments where inputs and dependencies are known to not be malicious. External dependencies including protoc itself are not covered by the policy in this file.

Security updates for this plugin will be applied on top of the latest released version unless an issue arises such that it explicitly needs to be backported to older versions.

Please raise an issue with the details and reproduction if appropriate.

If the issue is with protoc or another dependency, then any issues need to be raised with the associated projects. This project is not affiliated with any of the projects it depends upon.