We release patches for security vulnerabilities as needed.
Only the most recent stable release is supported with security updates.
Instead, use GitHub’s Private Vulnerability Reporting feature.
This creates a private advisory that is only visible to the maintainers.
We aim to respond to new reports within 5 business days.
If you are unable to use the private vulnerability reporting feature, please check the repository’s Security tab for alternative contact details.