We support the most recent major release version.
Older major versions may not receive security updates.

If you discover a security vulnerability in this project:

• Please use GitHub’s private vulnerability reporting.
  This ensures the report is only visible to maintainers until a fix is released.
• Provide as much detail as possible, including steps to reproduce and any relevant context.
• Public issues should not be used for reporting vulnerabilities.

Reports may include vulnerabilities in:

• The base image and its configuration
• Dependencies bundled in the image
• Scripts and tooling provided by this project

• We review all reports in good faith and take appropriate action where necessary.
• Once a fix is available, we will publish a new release and update the changelog.
• Credit will be given to reporters who responsibly disclose issues.