To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. This project follows a 90 day disclosure timeline.

Security and bug fixes are generally provided only for the latest minor version. Fixes are released either as part of the next minor version or as an on-demand patch version.

Security fixes are given priority and might be enough to cause a new version to be released.