We release patches for security vulnerabilities. Currently supported versions:
| Version | Supported |
|---|---|
| latest | ✅ |
If you discover a security vulnerability, please report it by opening a private security advisory on GitHub.
Please include the following information in your report:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the vulnerability, including how an attacker might exploit it
We will acknowledge your report within 48 hours and send a more detailed response within 5 business days indicating the next steps in handling your report.
When we receive a security bug report, we will:
- Confirm the problem and determine the affected versions
- Audit code to find any similar problems
- Prepare fixes for all supported versions
- Release new security fix versions as soon as possible
Thank you for helping keep this project and its users safe!