Only listed versions receive active support, and $HEAD may be changed at any time prior to a release.

Where the vulnerability may contain sensitive information, disclosures should be sent by e-mail to [email protected], with the project name and supported release in the subject.

Otherwise, if the vulnerability is unlikely to present a wide-scale attack, please raise an Issue.

If in doubt, e-mail [email protected].