If you believe you have discovered a vulnerability, please report it privately. Do not disclose as a public issue, or pull request.

This project is maintained by volunteers on a best-effort basis. As such, please give us 90 days to work on a fix before public exposure of the issue.

Please report the vulnerability through the new security advisory form.

Security updates are only applied to the most recent release.