Security updates are generally provided for the latest version of the project on the default branch.
Please do not open public issues for security vulnerabilities.
Instead, report them privately by contacting the maintainers through GitHub or by sending a direct message to the project maintainers.
Please include:
- a description of the vulnerability
- steps to reproduce
- potential impact
- any suggested mitigation
- We will review the report as soon as possible.
- We will confirm whether the issue is valid.
- We will work on a fix and coordinate disclosure.
- We may ask for additional information during the investigation.
We ask reporters to keep vulnerability details confidential until a fix is available and a public disclosure is coordinated.
Please use the repository's private contact channel or maintainers' contact information for security reports.