When a new minor version (5.x
) is released, the previous one will continue to receive security and bug fixes for at least 3 months.
When a new major version is released (4.0
, 5.0
, etc), the previous one will receive bug fixes for at least 3 months and security updates for 6 months after that new release comes out.
(This policy may change in the future and exceptions may be made on a case-by-case basis.)
If you discover a security vulnerability within this package, please use the Tidelift security contact form or email Colin O'Dell at colinodell@gmail.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced.