When a new minor version (1.x
) is released, the previous one will continue to receive security and bug fixes for at least 3 months.
When a new major version is released (1.0
, 2.0
, etc), the previous one (0.19.x
) will receive bug fixes for at least 3 months and security updates for 6 months after that new release comes out.
(This policy may change in the future and exceptions may be made on a case-by-case basis.)
If you discover a security vulnerability within this package, please directly email Tom Sapletta at [email protected]. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced.
please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.