Only the latest major version receives security patches. Older major versions are unsupported.
| Version | Supported |
|---|---|
| Latest major | ✅ |
| Older majors | ❌ |
Do not open a public GitHub issue for security vulnerabilities.
Use the Report a vulnerability button in the Security tab of this repository. This keeps the report private until a fix is ready.
We will acknowledge your report within 72 hours and aim to release a fix or mitigation within 90 days. We will notify you before public disclosure.
| Milestone | Commitment |
|---|---|
| Acknowledgement | Within 72 hours |
| Fix or mitigation | Within 90 days |
| Public disclosure | After fix is released |
This project follows the Coordinated Vulnerability Disclosure model.