Security updates are applied only to the most recent releases.
To securely report a vulnerability, please open an advisory on GitHub.
- Your report will be acknowledged within seven business days.
- The team will investigate and update the issue with relevant information.
- If the team does not confirm the report, no further action will be taken and the issue will be closed.
- If the team confirms the report, the team will take action to fix it immediately:
- Commits will be handled in a private repository for review and testing.
- Release a new patch version from the private repository.
- Write a blog post disclosing the vulnerability.