Patches for security vulnerabilities will be made available at the earliest opportunity. The versions that are eligible for such patches depend on the CVSS v4.0 severity rating:
CVSS v4.0 | Supported Versions |
---|---|
9.0-10.0 | Releases within the previous three months |
4.0-8.9 | Most recent release |
In the first instance, please report suspected security vulnerabilities using private vulnerability reporting by navigating to the "Security" tab of this repository and clicking "Report a vulnerability". Alternatively, submit your report by email to [email protected]. You should generally expect a response within 48 hours.