We support the latest version of this library. We do not guarantee support of previous versions. If a defect is reported, it will generally be fixed on the latest version (provided it exists) irrespective of whether it was introduced in a prior version.
If you discover a vulnerability against this package, please report it in the issues tab with a vulnerability label. We will examine promptly.
If you would like to disclose the vulnerability privately, you may reach the maintainers in our channel on the gophers slack.
This project submits security results to the OpenSSF Scorecard.
One heuristic these scorecards measure to gauge whether a package is safe for consumption is an "Actively Maintained" metric. Because this library implements UUIDs, it is very stable - there is not much maintenance required other than adding/updating newer UUID versions, keeping up to date with latest versions of Go, and responding to reported exploits. As a result, periods of low active maintenance are to be expected.