| Version | Supported |
|---|---|
| Latest | Yes |
| Older | No |
We support only the current release. Please upgrade before reporting a vulnerability.
Do not open a public GitHub issue for security vulnerabilities.
Report vulnerabilities privately via GitHub's Security Advisories feature (Settings > Security > Advisories > New draft advisory).
Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept (if safe to share)
- The version(s) affected
- Any suggested mitigations you are aware of
We aim to acknowledge reports within 3 business days and to provide a resolution timeline within 10 business days.
Once a fix is available we will:
- Release a patched version
- Publish a GitHub Security Advisory crediting the reporter (unless anonymity is requested)
- Add an entry to CHANGELOG.md