The following versions of the project are currently being supported with security updates:
| Version | Supported |
|---|---|
| 4.0.x | ✅ |
| < 4.0 | ❌ |
If you find a security vulnerability in the project, please report it to the security team.
When reporting a vulnerability, please include the following information:
- A description of the vulnerability.
- Steps to reproduce the vulnerability.
- Any other relevant information.
The security team will investigate the vulnerability and take appropriate action. You will be notified of the outcome of the investigation.
When you report a vulnerability, the security team will respond within 72 hours. In case the vulnerability is critical, they will respond within 1 hour.
The security team will take appropriate action to mitigate any reported vulnerabilities. Such things may include:
- Patching the vulnerability.
- Releasing a new version of the project.
- Disclosing the vulnerability to the public.
The security team appreciates your help in keeping the project secure. If you have any questions, please contact the security team.
For more information on the organization-wide security policy, please see the following document: