Only the most recent major release is supported with security updates.

Please do NOT open an issue to report security vulnerabilities.

Instead, please email the administrative contact or send a Direct Message to the maintainers securely. We will evaluate your report internally, write a patch, and securely push an update before making the vulnerability publicly known to allow time for people to update their deployments.

We will try to acknowledge receipt of your vulnerability report within 48 hours.