Only the latest stable release receives security updates.
| Version | Supported |
|---|---|
| 1.x | ✅ Yes |
| < 1.0 | ❌ No |
Please do not open a public GitHub issue for security vulnerabilities.
Instead, report them responsibly by emailing your-email@example.com with the subject line:
[SECURITY] <short description>
Include the following in your report:
- A description of the vulnerability and its potential impact
- Step-by-step instructions to reproduce it
- Any proof-of-concept code or screenshots
- The version(s) affected
- Acknowledgment within 48 hours
- Status update within 7 days (accepted, declined, or needs more info)
- Fix timeline communicated once the issue is confirmed
- Credit in the release notes if you'd like it (opt-in)
We ask that you give us reasonable time to address the issue before any public disclosure. We're committed to working with security researchers in good faith.
We prefer all communications in English.