This library is configured with automated code scanning tools which check the code and all of it's dependencies against known vulnerabilities.

Code is never released until it has passed all security checks. Vulnerability alerts are dealt with as soon as reasonably possible and fixes resulting from them are released immediately after.

Only the latest version of the library is officially supported. The library is maintained by a small team and doesn't have the scope to maintain legacy versions. Security fixes will be rolled out and released on a regular basis, so it can be assumed that the latest version is always the most secure.

If you really need security fixes for an old version of the library, report them here and a patch version will be released if it is doable.

Create a Github issue detailing the issue, with links to any relevant CVE reports.

We cannot guarantee that all issues will be dealt with, we reserve the right to accept and reject reports based on their severity and perceived impact.