If a security issue occurs, only the latest versions of v3.x and v2.x are guaranteed to be patched. Consideration will be given to updating the v1.x line, however this is not guaranteed.

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.