You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
By default, only the latest version of the library is supported. Security patches may be backported to older versions, but only in exceptional circumstances.
6
+
7
+
## Reporting a Vulnerability
8
+
9
+
* Suspected security vulnerabilities should not be discussed publicly. Do not open an issue using the normal issue tracker.
10
+
* Create your own fork of this project
11
+
* Create a [Security Advisory](https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory) in your fork. Do not worry about getting all the settings correct initially.
12
+
*[Grant access](https://docs.github.com/en/code-security/security-advisories/adding-a-collaborator-to-a-security-advisory) to the my username (pjfanning) so that I can see the description of the issue and comment.
13
+
* If I accept that there is a vulnerability, I move the Security Advisory to this project and add all the parties from the fork advisory as collaborators.
14
+
* I will try to get a fix, a release and CVE assignment done as quickly as I can.
0 commit comments