Please do not report security vulnerabilities through public GitHub issues.
To report a security issue privately, use GitHub's private vulnerability reporting.
Include as much of the following information as possible:
- Type of issue (e.g. DNS poisoning, MITM, information leak)
- Affected component and version
- Steps to reproduce
- Potential impact
You will receive a response within 7 days. We aim to release a fix within 30 days of confirmation.
Only the latest release is actively supported with security fixes.