Only the latest released version is guaranteed to receive security fixes. Older versions do not receive ongoing security support.
If you discover a security issue, please do not disclose details in a public issue.
Please contact the maintainers privately through one of the following channels:
- GitHub Security Advisory, if enabled
- or a private contact channel provided by the repository maintainers
Please include as much of the following as possible:
- a description of the issue and its impact
- reproduction steps or a proof of concept
- affected versions
- an optional remediation suggestion
We review reports as quickly as possible, assess severity, and schedule a fix and release when necessary.
- Please avoid public disclosure before a patch is released.
- After a fix is published, we may include a brief note in the release notes without exposing exploit details.