Security fixes are applied to the current development branch of this repository (e.g. 5.x) and released via Composer as new patch/minor versions as appropriate. Older series may not receive backports unless explicitly stated in a release.
Please do not use the public issue tracker for undisclosed security issues.
Instead, report them privately to:
104441723+AzGasim@users.noreply.github.com
Include:
- A short description of the issue and its impact
- Steps to reproduce (or a proof of concept), if possible
- Affected versions or branches, if known
We will aim to acknowledge receipt and coordinate a fix and disclosure timeline with you.
If GitHub private vulnerability reporting is enabled for this repository, you may use that flow instead of email.