Report security vulnerabilities privately via GitHub's Report a vulnerability form.
Please do not disclose exploit details in a public issue. We aim to acknowledge reports within 72 hours and to ship a fix or mitigation as soon as practical.
The latest release on the default branch is supported. Older tagged releases are best-effort.