Only the latest released version receives security fixes.
Please do not open a public GitHub issue for security vulnerabilities.
Instead, report them privately using either of the following channels:
- Preferred: GitHub Security Advisories
- Email (fallback): yutian.taoyt@alibaba-inc.com
Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- Any suggested mitigations or fixes
We aim to acknowledge reports within 3 business days and provide a resolution timeline within 14 days.