This project follows semantic versioning and provides security updates for the latest major version. Older versions may receive security updates on a case-by-case basis.
If you discover a security vulnerability in this project, please follow these steps:
- Do not open a public issue on GitHub
- Send an email to the maintainers with the details of the vulnerability
- Include the following information in your report:
- A clear and detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any possible mitigations if known
- Your contact information if you wish to be contacted for additional information
We will acknowledge your report within 48 hours and will work to investigate and address the issue as quickly as possible.
Security updates will be released as quickly as possible after a vulnerability is discovered and verified. Users are encouraged to regularly update to the latest version to ensure they have all security fixes.
We prefer all communication to be in English, but we will accept reports in other languages if necessary.
We prefer responsible disclosure and will coordinate with you on the timeline for fixing and announcing the vulnerability. We aim to provide fixes within 30 days of receiving a report, though complex issues may require additional time.