The following versions of the project are currently supported with security updates.
| Version | Supported |
|---|---|
| 2.14.x | ✅ |
| 2.13.x | ✅ |
| 2.12.x | ✅ |
| < 2.12 | ❌ |
We encourage responsible disclosure of security vulnerabilities. If you discover a vulnerability, please report it to us privately to allow time for remediation.
- Private Disclosure: Use GitHub's Security Advisories feature to report a vulnerability. This ensures the report remains private and secure. You can create a private security advisory here.
- Expected Response Time: We aim to acknowledge vulnerability reports within 7 days. Actual resolution times may vary depending on the complexity and severity of the issue.
- After Reporting: Once a vulnerability is reported, we will acknowledge the report and provide regular updates until the issue is resolved. If the vulnerability is accepted, it will be prioritized and patched in a timely manner. If declined, we will provide a clear reason for the decision.
Please do not disclose any security vulnerabilities publicly until they have been addressed.
Thank you for helping to keep our project secure!