Security updates cover the latest two major versions.

If you have discovered a security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. Please disclose it at security advisory.

We will be following the 90-day deadline to fix the vulnerability before public disclosure.