Patches for security vulnerabilities will be made available at the earliest opportunity. The versions that are eligible for such patches depend on the CVSS v3.1 severity rating:

In the first instance, please report suspected security vulnerabilities using private vulnerability reporting by navigating to the Security tab of this repository and clicking "Report a vulnerability". Alternatively, submit your report by email to [email protected]. You should generally expect a response within 48 hours.