Only the latest MINOR version (MAJOR.MINOR.PATCH) is officially supported. However, in the case of a major security vulnerability, a patch may be backported to earlier versions as well.

Please report any found vulnerability using the GitHub private vulnerability reporting tool, available under the Security tab. Please allow for up to 30 days for the vulnerability to be fixed. If after this time the issue has not been acknowledged, please feel free to disclose it openly, for example via RustSec.

Your report should contain affected verion(s), a description of the issue, and way to reproduce the issue if applicable. You are welcome to suggest solutions to the issue. If you do not want to be credited with the finding, please state so in your report.