We release security fixes for the latest stable version and the master branch. If you are running an older version, upgrading is the fastest path to a fix.
| Version | Supported |
|---|---|
| Latest stable | ✅ |
| master | ✅ |
| Older releases | ❌ |
Please do not open a public issue for security problems.
Instead, use one of these channels:
- GitHub Private Security Advisory — Open a draft advisory (preferred).
- Contact a maintainer directly — See MAINTAINERS.md for current maintainers.
Include as much detail as possible:
- Affected versions
- Steps to reproduce
- Potential impact
- Suggested fix (if you have one)
- We aim to acknowledge reports within 5 business days.
- We will investigate and provide an initial assessment within 15 business days.
- Once a fix is ready, we will coordinate disclosure and publish a security advisory.
- We credit reporters unless they prefer to remain anonymous.
We follow a coordinated disclosure model. We ask reporters to give us reasonable time to release a fix before publicly discussing the issue.