This section describes which versions of the project are currently being supported with security updates.

This is open-source projects, vulnerability reports are welcome in this project Issues

A typical vulnerability report may contain a description of the vulnerability. In particular, the type of the reported vulnerability and how it might be exploited. Alternatively, a well-established vulnerability identifier, e.g. CVE number, can be used instead.

Based on the description mentioned above, one of project contributor investigates:

• Whether the reported vulnerability exists.
• The conditions that are required such that the vulnerability can be exploited.
• The steps required to fix the vulnerability.

In general, if the vulnerability exists in this project codebase itself - not in a code dependency - then contributors will, if possible, fix the vulnerability or implement reasonable countermeasures such that the vulnerability cannot be exploited anymore.