Only the latest version is supported with security updates.
Version | Supported |
---|---|
0.5.3 | ✅ |
< 0.5.3 | ❌ |
If you identify a security vulnerability, please use the GitHub "Private vulnerability reporting" feature in the "Security" tab. The development team will respond as soon as possible. Please keep in mind that this is a free project and that replies may take some time.
Fixed vulnerabilities will be closed and documented in release notes. Credit for the discovery will be attributed in the GitHub security advisories, and a CVE can be created once divulgation is completed.
This project encourages the open sharing of information. If work on patching a vulnerability has not started 90 days after the disclosure or if a vulnerability is accepted by the maintainers and will not be fixed, the vulnerability can be disclosed in a blog post and/or GitHub issue at will.