Security: ericsizemore/ipquery-php

SECURITY.md

Security Policy

Supported Versions

Use this table to check if your version is eligible for security updates:

Version Supported
1.0.x

Reporting a Vulnerability

I take the security of this project seriously. If you discover a security vulnerability, please follow these steps:

Preferred Method

  1. Use the GitHub Security Advisory "Report a Vulnerability" tab.
  2. Provide detailed information about the vulnerability.
  3. Include steps to reproduce (if possible).
  4. Attach or describe any potential fixes you may have identified.

When you submit through GitHub's Security Advisory system, a private advisory is automatically created where we can securely discuss and track the vulnerability. You'll maintain access to this advisory throughout the process and can communicate directly with me there.

Alternative Methods

What to Expect

  1. Initial Response: You'll receive an acknowledgment through the GitHub Security Advisory.
  2. Collaboration: Through the private advisory, we will:
    • Confirm and validate the vulnerability
    • Discuss potential fixes or mitigations
    • Coordinate on the fix implementation
  3. Resolution: Once a fix is ready, we will:
    • Prepare a new release with the fix
    • Publish the security advisory
    • Credit you as the reporter (unless you prefer to remain anonymous)
    • Issue a CVE if appropriate

Important Guidelines

  • DO NOT disclose the vulnerability publicly until a fix has been released.
  • DO NOT open a public issue or pull request describing the vulnerability.
  • If 90 days have passed since your report and no fix has been released, you may disclose the vulnerability publicly.

Security Best Practices

  • Keep your dependencies up to date.
  • Always use the latest supported version.
  • Enable security alerts in your GitHub repository settings.
  • Regularly check for security advisories related to this project.

Past Security Advisories

You can view our past security advisories here on GitHub.


Last updated: September 8th, 2025

There aren’t any published security advisories