We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the CVSS v3.0 Rating:

If you discover a security vulnerability within this package, please send an email to Rumen Damyanov at security@rumenx.com. All security vulnerabilities will be promptly addressed.

Please do not create GitHub issues for security vulnerabilities.

• A clear description of the vulnerability
• Steps to reproduce the issue
• Any potential impact of the vulnerability
• If possible, a suggested fix or patch

• Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours.
• Initial Assessment: We will provide an initial assessment within 5 business days.
• Resolution: We aim to resolve critical vulnerabilities within 30 days.

We follow responsible disclosure practices:

1. We will work with you to understand and validate the vulnerability
2. We will develop and test a fix
3. We will release the fix and publicly disclose the vulnerability
4. We will credit you for the discovery (unless you prefer to remain anonymous)

Thank you for helping keep this project and its users safe!