Thanks for taking the time to engage with the project! We believe in the concept of coordinated disclosure and currently expect a 60 day grace period for resolution of any outstanding issues.
Typically, only the most recent release and current HEAD of the main branch will be supported.
Please log a security-template issue on Github and directly contact one of the core team members via email:
We will endeavour to respond to your request as soon as possible.
No bounties are available, but acknowledgement will be made if you like.