We provide security updates for versions released within the last two years.
| Version | Supported |
|---|---|
| 4.20.x | ✅ |
| 4.19.x | ✅ |
| < 4.19 | ❌ |
To report a security vulnerability, please use GitHub's private vulnerability reporting feature:
- Go to the Security Advisories page
- Click "Report a vulnerability"
- Provide a detailed description of the vulnerability
Please do not report security vulnerabilities through public GitHub issues.
- Initial response: Within 7 days of your report
- Status updates: We will keep you informed of our progress
- Resolution: We aim to address confirmed vulnerabilities promptly and will coordinate disclosure with you
- If the vulnerability is accepted, we will work on a fix and coordinate a release timeline with you
- If the vulnerability is declined, we will explain our reasoning
- Credit will be given to reporters in release notes unless anonymity is requested