Security fixes are currently provided on a best-effort basis for the latest code on main.
| Version | Supported |
|---|---|
main |
Yes |
If you discover a security issue, please avoid posting full exploit details in a public issue.
Preferred process:
- Open a GitHub Security Advisory ("Report a vulnerability") for this repository.
- Include:
- A clear description of the issue
- Reproduction steps or proof of concept
- Potential impact
- Suggested mitigation (if you have one)
If Security Advisories are unavailable, open a regular issue with the title prefix [SECURITY] and share only minimal details while requesting a private follow-up channel.
Maintainers aim to:
- Acknowledge reports within 72 hours
- Triage severity and scope quickly
- Publish a fix or mitigation plan as soon as practical
Please give maintainers reasonable time to investigate and patch before broad public disclosure.