This projects follows semantic versioning.

Security fixes are applied to the latest major version, as well as previous major versions for two years after the first release in its series.

To report a security vulnerability, use the Report a Vulnerability form on GitHub, which will deliverd privately to the maintiners for review. Please do not use public forums like GitHub Issues and Discussions to discuss vulnerabilities or sensitive issues.

We’ll work with you to make sure we understand the issue and address it. Our security team will respond to your report within one day and provide regular updates throughout any remediaton process.

If your report is accepted as valid, we will provide an acknowledgement in this SECURITY.md file if you would like to be listed.

Note: We appreciate reports for any and all security issues, but we reserve listings for people who have disclosed unknown vulnerabilities of high or critical severity, or have helped us in an ongoing manner.