This project does not currently maintain a formal versioned security support matrix. Security fixes are released for the latest published version. Users running older versions are encouraged to upgrade to the most recent release to receive security updates.
If you believe you have found a security vulnerability in this project, please report it privately using GitHub Security Advisories:
- GitHub Security Advisories: Use the “Report a vulnerability” link in the Security tab of this repository to open a private security advisory with the maintainers.
When reporting, please include as much of the following information as possible:
- A clear description of the issue and its potential impact.
- Steps to reproduce the vulnerability, including any sample code, payloads, or configuration needed.
- The version(s) of the project you tested, and relevant environment details (OS, language/runtime versions, configuration).
- Any known workarounds or mitigations.
We aim to:
- Acknowledge your report within 3 business days.
- Provide an initial assessment or request for more information within 7 business days.
- Keep you updated at least once every 14 days while we investigate and prepare a fix.
Please do not open public GitHub issues or pull requests for suspected security vulnerabilities before we have coordinated a fix and disclosure, to help protect users while a patch is being developed and rolled out.