We release patches only for the following versions:

If you discover a security vulnerability, please follow these steps:

1. Do not open a public issue.
2. Send us a private report at [email protected].
3. Include as much detail as possible (steps to reproduce, affected versions, potential impact).
4. We will acknowledge your report within 48 hours, and provide a status update within 5 business days.

• We will work with you to understand and resolve the issue.
• Once a fix is released, we will credit you (if you want) in the release notes.
• Please give us reasonable time to patch before disclosing publicly.