This project supports its released versions as follows:
- The latest released version on Pypi gets fixes, including security fixes.
- Earlier versions are not fixed anymore.
Please report vulnerabilities via the Security Advisories page of this project. This ensures that they are passed on to the maintainers privately.
Do not report them as issues or pull requests, since that would reveal the vulnerability before the maintainers have a chance to fix it. Note that even with a pull request that fixes the vulnerability perfectly, it is revealed publicly before a new version of the package can be released to Pypi.