We can only support the latest version of our project with security updates. We will not provide any support for issues on outdated versions.

To report a vulnerability, open a draft security advisory.

After the draft security advisory is open, you can privately discuss it with collaborators and create a temporary private fork where you can collaborate on a fix. If you've already fixed the vulnerability, just fill out the draft security advisory and then publish it.