This project ships from main. Security fixes are applied to the latest released
images and to main; older tags are not patched.
| Version | Supported |
|---|---|
main / latest |
✅ |
| older tags | ❌ |
Please report security vulnerabilities privately — do not open a public issue, pull request, or discussion for a suspected vulnerability.
Report through GitHub's private vulnerability reporting:
- Go to the Security tab of the repository and click Report a vulnerability.
This opens a private GitHub Security Advisory visible only to you and the maintainers.
When reporting, please include:
- a description of the vulnerability and its impact,
- the affected component, endpoint, or file,
- clear steps to reproduce (proof-of-concept if available),
- any suggested remediation.
- Acknowledgement: within 3 business days of your report.
- Assessment & triage: within 7 business days, with an initial severity rating.
- Fix & disclosure: we aim to ship a fix and coordinate public disclosure within 90 days, sooner for actively exploited or critical issues.
Please give us a reasonable opportunity to remediate before any public disclosure. We will keep you informed of progress and credit you in the advisory if you wish.