We appreciate you disclosing important security vulnerabilities responsibly and privately by following the easy process defined below.

We will keep the details of your security vulnerability report private and only share it with verified members of our organization or our partner organizations and only on an as-needed basis.

At the moment only the latest version is actively maintained and will get get security updates, so make sure you always have the latest version installed.

If you are using a previous minor version, we recommend to upgrade to the current minor version. This project uses semantic versioning, therefore you can upgrade to a more recent minor version without incurring into breaking changes.

To report a vulnerability, please DO NOT open a public Issue or Pull Request.

Report a vulnerability using the security tab on GitHub and create a Security Advisory.

We will review the advisory and work with you to find a suitable solution.

We will disclose the vulnerability once a patch is prepared and ours community and partners have an easy path forward to apply the patch promptly.

We will be sure to give you credit for the vulnerability discovery unless you request otherwise.

Information about security vulnerabilities are published in the Security Advisories page.