Only versions 1.x and higher are supported. Versions 0.x are considered unstable.

Please report security vulnerabilities by filling out the form on GitHub.

See: 🔗 Privately reporting a security vulnerability

In short:

1. On GitHub, navigate to the main page of the repository
2. Under the repository name, click the Security and quality tab
3. Click Report a vulnerability to open the advisory form
4. Fill in the advisory details form
5. At the bottom of the form, click Submit report

Normally, your report will be acknowledged within 5 days and you will receive a more detailed response to your report within 10 days. These timelines are best-effort.

This project does not have a bug bounty program.

Security vulnerabilities in dependencies should be reported to their respective maintainers.

Disclosure is handled on a case-by-case basis depending on the severity of the reported vulnerability.