Please, report any security issue to [email protected]
where the issue will be triaged appropriately.
If you know of a publicly disclosed security vulnerability please IMMEDIATELY email [email protected]
to inform the team about the vulnerability, so we may start the patch, release, and communication process.
If the vulnerability is found in the latest stable release, then it would be fixed in patch version for that release. E.g., issue is found in 2.5.0 release, then 2.5.1 version with a fix will be released. By default, older versions will not have security releases.
If the issue doesn't affect any existing public releases, the fix for medium and high issues is performed in a main branch before releasing a new version. For low priority issues the fix can be planned for future releases.