Currently, all major versions of this project are being supported with security updates.

Please do not report security vulnerabilities through public GitHub issues or discussions.

If you discover a security vulnerability in this project, please responsibly disclose it by sending an email privately to colinxu2020@gmail.com.

Once you have submitted your report, here is the process and what you can expect:

• Initial Response: I promise to acknowledge and respond to your report within 7 days.
• Resolution & Fix: If the vulnerability is confirmed, I will work to publish a fix/patch within 14 days of the initial report.
• If Accepted: If your vulnerability report is accepted and results in a fix, I will publicly acknowledge and thank you for your contribution in the corresponding Release Notes and the project's README.
• If Declined: If the report is declined (for example, if it is determined not to be a valid security issue), I will still reply to you with a clear and detailed explanation of why it was rejected.

Thank you for helping keep this project safe!