Security updates and patches will be applied to the latest versions of our projects.
Older versions may not receive security fixes.

| Version | Support |
|---|---|
| Latest | ✓ |
| Older | ✗ |

If a project has its own versioning or release notes, refer to that repo's README for specifics.

If you discover a security issue, please do not open a public issue.
Instead, contact us privately at:

We will acknowledge your report within 48 hours, and provide a more detailed response within a week, including:
- an initial assessment
- next steps
- an approximate timeline for a fix

We appreciate responsible disclosure and will credit contributors if desired.

Security reports should focus on:
- vulnerabilities in code (logic flaws, data leaks, unsafe behavior, etc.)
- dependency vulnerabilities
- misconfigurations affecting security
- unsafe build or deployment practices

Out of scope:
- feature requests
- performance issues
- style or code quality comments

Please avoid:
- publicly revealing vulnerabilities before a fix is released
- exploiting vulnerabilities beyond what is necessary to prove their existence
- accessing private data belonging to others

We take all reports seriously — thank you for helping keep our projects safe.