If you discover a security vulnerability, please report it to us by opening a blank issue.

If you prefer to make a confidential disclosure, please use the blank issue to make a security contact request. Be sure to include your contact details so that we can follow up with you privately.

We take all security vulnerabilities seriously and will address them promptly.

If a security vulnerability is reported or discovered, we will endeavor to publish fixes as patches to both the current release series and its immediate predecessor. For example, if the current release is 3.3.3 and the predecessor is 3.2.3, we would release versions 3.3.4 and 3.2.4.

We will notify users of security updates through our standard project communication channels.