Security updates are applied only to releases under development. Normally there is only one release under active development (the default branch).
If you have discovered a security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the vulnerability will be exploited before a patch is released.
Please report it through our security advisory.
This project is maintained by a small team of volunteers. As such, vulnerabilities will be handled and disclosed on a best-effort basis.