We support the latest release only.
Older releases may not get fixes. If a long-term support policy is added later, this document will be updated.
If you find a security issue, please do not open a public issue if the report includes a secret, a token, a private key, or steps that could be used to exploit a live system.
Use GitHub private vulnerability reporting if it is enabled for this repository. If it is not enabled, contact the maintainers and ask for a private way to share the report.
Please include:
- what you found
- which version or commit you tested
- how to reproduce it
- what impact you believe it has
If you already exposed a secret, rotate it right away before reporting it here.
Maintainers will review reports on a best-effort basis.
Response and fix timing can vary. This project does not promise a specific SLA or support window.