The following major versions are currently supported with security updates.

End-of-life for the current release will be determined prior to the release of its successor.

Vulnerabilities must be reported using the project's security advisory.

All vulnerability reports MUST be submitted through the channel listed above. This allows the maintainers to assess the report, collaborate on remediation, and coordinate disclosure in a responsible manner.

CVE identifiers for confirmed vulnerabilities will only be requested by the maintainers through the GitHub Security Advisory process. Vulnerability reports submitted directly to third-party CVE Numbering Authorities (CNAs), such as MITRE, without first being reported and confirmed through this project's documented channel will be considered as not following the coordinated disclosure process. The maintainers reserve the right to request rejection or dispute of any CVE entry that was assigned without prior coordinated disclosure with the project.