Fixes for security vulnerabilities are applied to any applicable branch/release series that is in the Next-Gen, Active, Maintenance, or Extended support category.
Vulnerabilities can be reported in one of the following ways:
- E-mail the project admin. You can optionally encrypt the e-mail using the provided public GPG key.
- Open a GitHub draft security advisory.
- Alpha/Evolving, Beta, and Post-Beta release series are not expected to be free of bugs, so vulnerabilities that affect only those release series (for example, vulnerabilities introduced by a new feature that is not present in a Stable release series) can optionally be reported using a GitHub bug report.