Security fixes are generally applied to the latest published version and the current master branch.
Please do not open public issues for security problems.
Instead:
- use GitHub private vulnerability reporting if available
- or contact the repository owner privately
When reporting a vulnerability, include:
- what component is affected
- how to reproduce it
- possible impact
- any suggested mitigation if you have one
We will review reports as quickly as possible and coordinate a fix before public disclosure when appropriate.