Supported Versions

All versions after 1.x will be supported from a security perspective, unless explicitly end-of-life'd in this document.

We don't have a private disclosure mechanism. Please contribute any known vulnerabilities to the issue tracker for the relevant project. If you feel strongly that you don't want to report it publicly, either engage us on slack or the email list. If your vulnerability report is accepted, you'll get named credit (if you so choose) and we'll fix it as expediantly as we can.