Security fixes are applied to the latest master and the most recent stable
release. Older releases are not maintained.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately using GitHub's private vulnerability reporting ("Report a vulnerability" under the repository's Security tab). This lets us discuss and fix the issue before it is disclosed publicly.
Please include:
- A description of the vulnerability and its impact
- Steps to reproduce, or a proof of concept
- Affected version(s), device, and build target if known
We will acknowledge your report as quickly as we can and keep you updated on progress toward a fix. Once the issue is resolved, we are happy to credit you in the advisory unless you prefer to remain anonymous.