By default, only the latest version of the library is supported. Security patches may be backported to older versions, but only in exceptional circumstances.

• Suspected security vulnerabilities should not be discussed publicly. Do not open an issue using the normal issue tracker.
• Create your own fork of this project
• Create a Security Advisory in your fork. Do not worry about getting all the settings correct initially.
• Grant access to my username (pjfanning) so that I can see the description of the issue and comment.
• If I accept that there is a vulnerability, I will move the Security Advisory to this project and add all the parties from the fork advisory as collaborators.
• I will try to get a fix, a release and CVE assignment done as quickly as I can.