We take security vulnerabilities seriously. If you discover a security issue, please bring it to our attention right away!
Please DO NOT file a public issue. Instead, report security vulnerabilities through GitHub's private vulnerability reporting feature.
Your report should include:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Suggested fix (if any)
After you've submitted your report:
- You'll receive an acknowledgment within 24 hours
- We'll investigate and keep you updated on our findings
- Once we've determined the impact and resolution:
- We'll patch the vulnerability
- We'll make an announcement to the community if warranted
- You'll be credited for the discovery (unless you prefer to remain anonymous)
When we receive a security bug report, we will:
- Confirm the problem and determine affected versions
- Audit code to find any similar problems
- Prepare fixes for all supported versions
- Release patches as soon as possible
If you have suggestions on how this process could be improved, please submit a pull request.
| Version | Support |
|---|---|
0.4.0 |
✅ |
| `> 0.4.0' | ❌ |
| Symbol | Meaning |
|---|---|
| ✅ | Supported |
| ❌ | Not Supported |
| 🧪 | Experimental |
| 🚧 | In Development |