Only the newest release will receive active security support.

Please do not report security vulnerabilities publicly, like in issues, pull requests, discussions, etc.

Use GitHub's integrated functionality for reporting a security vulnerability. Just open a new security advisory and fill out the form.

I/ We will look into any report as soon as we become aware of it and resolve it to the best of our knowledge.
I/ We will not decline reported vulnerabilities without providing a reason.
I/ We may contact you via your provided contact information if we need further information.