# Security Policy
## Reporting a vulnerability
Please do NOT open a public issue for security-sensitive reports.
Report a suspected vulnerability privately through GitHub's "Report a
vulnerability" advisory flow on this repository (Security tab), or by contacting a
maintainer directly. Include a description, affected versions if known, and a
reproduction if you have one.
We aim to acknowledge a report promptly, agree on a disclosure timeline, and credit
reporters who wish to be named once a fix ships.
## Supported versions
Until a stable 1.0, security fixes land on the latest published version; upgrade to
the newest release to receive them.