Security Policy

Supported Versions

We generally support the latest minor release of the project. Security fixes will be backported at our discretion.

Reporting a Vulnerability

Please do not create a public issue for security vulnerabilities. Instead, email the maintainers at security@leighton.com or use GitHub's private security advisories. We'll acknowledge receipt within 2 business days and provide a timeline for a fix once triaged.

Disclosure

After a fix is released, we'll credit reporters (if desired) in the release notes.

Supported Versions​

Reporting a Vulnerability​

Disclosure​

Supported Versions

Reporting a Vulnerability

Disclosure