Security fixes are provided for:
| Version | Supported |
|---|---|
main branch |
Yes |
Latest v0.x tag |
Yes |
| Older tags | No |
Please do not open a public issue for security vulnerabilities.
Use GitHub's private vulnerability reporting:
- Open the repository on GitHub.
- Go to
Security->Advisories. - Click
Report a vulnerability.
Include:
- Affected package and version.
- Reproduction steps or proof of concept.
- Impact and suggested fix (if known).
- Initial triage target: within 3 business days.
- Status updates: at least weekly until resolved.
- A fix will be released as soon as practical after validation.