blob: 5741abb4a7f45769f1266b8fa74e308c4edd08d8 (
plain) (
tree)
|
|
# SECURITY POLICY
## Supported Versions
When a new **minor** version (`5.x`) is released, the previous one will continue to receive security and bug fixes for *at least* 3 months.
When a new **major** version is released (`4.0`, `5.0`, etc), the previous one will receive bug fixes for *at least* 3 months and security updates for 6 months after that new release comes out.
(This policy may change in the future and exceptions may be made on a case-by-case basis.)
## Reporting a Vulnerability
If you discover a security vulnerability within this package, please use the [Tidelift security contact form](https://tidelift.com/security) or email Colin O'Dell at <colinodell@gmail.com>. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced.
|