Only the latest main branch is supported with security updates.

Please DO NOT file a GitHub issue about security issues. GitHub issues are public. Filing an issue about a security issue puts all users, you included, in immediate danger.

Please use my contact form to send me a private notification about the security issue. I strongly recommend using GPG to encrypt your email. You can find my public PGP key at my site's About Me page.

Please include instructions to reproduce the security issue. Better yet, please include Proof Of Concept code if applicable.

I aim to reply within a business week (5 working days excluding bank holidays). I request a period of 60 to 90 calendar days since I receive adequate information to reproduce the issue before public disclosure, so I have time to address the security issue, publish a new version and make sure everyone is updated.

This is my personal project. I am not a big company. I do not have the budget for a bug bounty or any other kind of compensation for security researchers reporting security issues. I will, however, publicly credit you for the discovery of the security issue in my release notes and announcement of the security release.