Security updates are provided for the following versions:
| Version | Supported |
|---|---|
| 1.2.x | ✅ |
| < 1.2 | ❌ |
Please do not open a public issue for security vulnerabilities.
Report vulnerabilities privately through one of these channels:
- GitHub private vulnerability reporting (preferred): Go to the Security tab and click "Report a vulnerability" to open a private security advisory.
- Email (fallback): Contact the maintainer at ismael.marin@gmail.com.
Please include steps to reproduce, affected versions, and the potential impact.
- Acknowledgement: within 3 business days of your report.
- Initial assessment: within 7 business days.
- Fix and coordinated disclosure: we aim to release a fix and publish an advisory within 90 days, coordinating the timing with you.
We follow responsible disclosure practices and will credit reporters who wish to be acknowledged.