Please report security vulnerabilities privately.

Use GitHub "Report a vulnerability" (Private Vulnerability Reporting).

We aim to respond within 72 hours, and provide a fix or mitigation plan as soon as possible.

We support the latest released minor version (and the latest patch of older minors when feasible).