If there are any vulnerabilities discovered within Utility, please do not hesitate to report them.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab. If you have a fix for the issue, that is most welcome -- please attach or summarize it in your message!

I will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. I will contact you to let you know the outcome, and will credit you in the report.

Please do not disclose the vulnerability publicly until a fix is released!

Once either a) a fix has been published, or b) I have declined to address the vulnerability for whatever reason, you are free to publicly disclose it.

Any packages marked as Yes under Tidelift Only in the Supported Versions table above means that particular version will only receive updates for Tidelift Subscribers.

If you're a Tidelift subscriber, please use this route instead:

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.