| Version | Supported |
|---|---|
| latest | Yes |
| < latest | No |
Please do not report security vulnerabilities through public GitHub issues.
Instead, use GitHub Private Security Advisories to report vulnerabilities.
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
| Stage | Timeline |
|---|---|
| Acknowledgment | 48 hours |
| Initial assessment | 7 days |
| Fix and disclosure | 30 days |
We follow coordinated disclosure. Once a fix is available, we will:
- Release a patched version
- Publish a security advisory
- Credit the reporter (unless anonymity is requested)