This project is maintained on a best-effort basis.
- Supported: The latest release and the
mainbranch. - Unsupported: Older releases may not receive security fixes.
If you are unsure whether your version is supported, please report the issue anyway.
Please do not open a public GitHub issue for security vulnerabilities.
Instead, use GitHub Private Vulnerability Reporting:
- Go to this repository’s Security tab.
- Select Advisories.
- Click Report a vulnerability and fill out the form.
You will typically receive an initial response within 7 days.
To help triage quickly, please include:
- Affected version(s) and OS (Windows/macOS/Linux).
- Steps to reproduce and/or proof-of-concept code.
- Impact assessment (what an attacker can do).
- Any suggested fix or mitigation (if you have one).
This project follows responsible disclosure:
- Please allow reasonable time to investigate and patch before public disclosure.
- If the issue is confirmed, a fix will be developed and released as soon as practical.
- Once a fix is available, a public advisory/release notes entry may be published describing the issue and mitigation.
Security fixes will be released as normal GitHub Releases and documented in release notes when possible.
For non-security bugs and feature requests, please open a standard GitHub issue.