Until a 1.0 release exists, security fixes target the latest release and the main branch.
Older 0.x releases are not supported unless the maintainers explicitly state otherwise.
Do not open a public GitHub issue for a suspected vulnerability.
Use GitHub private vulnerability reporting for this repository. If private reporting is not enabled, contact a maintainer privately and include:
- the affected crate or module,
- the impact and required attacker capabilities,
- reproduction steps or a minimal proof of concept,
- any known mitigations.
The maintainers will assess scope, prepare a fix, and coordinate disclosure when appropriate.