If you discover a security vulnerability, please do not open a public GitHub issue. Instead, report it by emailing:
Please include:
- A description of the vulnerability
- Steps to reproduce it
- Potential impact
- Any suggested fixes (optional)
We will acknowledge your report within 48 hours and work with you to understand and resolve the issue promptly. We aim to release a patch within 30 days of disclosure for critical vulnerabilities.
Security patches are applied to the latest stable release.
| Version | Supported |
|---|---|
| Latest | ✓ |
| Older | No |
Security patches are released as patch versions and announced in CHANGELOG.md.