Only the most recent release receives security fixes.

Please do not open a public GitHub issue for security vulnerabilities.

Report privately via GitHub's built-in mechanism: Security → Report a vulnerability

Include:

• A clear description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (optional)

You will receive a response within 7 days. If a fix is warranted, a patch release will be made and a CVE requested if appropriate.