We only support the latest release version. Older versions will not receive security updates.
If a security vulnerability is fixed, a new release version will be published.
If you discover a security vulnerability, do not open a public issue or pull request.
Instead, please contact us privately via email at:
We will review your report and respond as soon as possible.
Responsible disclosure helps us keep the project and its users safe - thank you!
A security vulnerability typically includes (but is not limited to):
- Remote code execution
- Privilege escalation
- Unauthorized access to data or configuration
- Crashes or exploits triggered by untrusted input
- Any behavior that could be abused, such as compromising the integrity, availability, or confidentiality of a server running this plugin
Please do not report regular bugs or feature requests to the security email
Non-security issues should be reported publicly via GitHub issues.