Sapling is still in active early development. No releases should be considered production-ready, but security issues are fixed with new releases as soon as possible.

Please report any security vulnerabilities to security@saplingjs.com. A maintainer will respond within 48 hours.