Only the latest tagged release is supported with security fixes.
Please do not report security vulnerabilities in public issues.
Use GitHub private vulnerability reporting:
If private reporting is unavailable in your environment, contact repository maintainers through a private channel and include:
- Affected version(s)
- Reproduction steps or proof of concept
- Impact assessment
- Suggested mitigation (if available)
- Initial acknowledgment target: within 3 business days
- Status update target: every 7 business days until resolution