We actively maintain the current release line and the versions covered by the repository's compatibility matrix.
Security fixes are prioritized for supported versions. Older releases may receive best-effort fixes when practical, but they should not be assumed to get backports.
Please report suspected vulnerabilities privately through GitHub's "Report a vulnerability" flow in the repository's Security tab.
If GitHub private reporting is unavailable, contact datwiwi@gmail.com.
Do not open a public issue or pull request for a security report.
We try to acknowledge private reports within 3 business days.
For confirmed issues, we aim to provide a mitigation or fix within 14 days for high-impact findings, and we will keep reporters updated if more time is needed.