Security fixes are expected only for the latest code on the default branch and the latest published release.
Older releases may remain unsupported.
Please do not open a public issue for a suspected security vulnerability.
Instead:
- Use GitHub private vulnerability reporting if it is available for this repository.
- If private reporting is not available, contact the maintainer privately through GitHub before disclosing details publicly.
Please include:
- affected version or commit
- steps to reproduce
- impact assessment
- any suggested mitigation or fix
You can expect:
- an initial acknowledgement as soon as practical
- a follow-up after the issue is reviewed
- coordinated public disclosure after a fix is ready, when possible