Security Policy
Supported Versions
| Version | Supported | Tidelift Only [^1] |
|---|---|---|
| 2.1.x | ✅ | No |
| 2.0.x | ✅ | No |
| 1.3.x | ❌ | Yes |
| 1.2.x | ❌ | Yes |
| 1.1.x | ❌ | Not Maintained |
| 1.0.x | ❌ | Not Maintained |
Reporting a Vulnerability
If there are any vulnerabilities discovered within Utility, please do not hesitate to report them.
To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab. If you have a fix for the issue, that is most welcome -- please attach or summarize it in your message!
I will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. I will contact you to let you know the outcome, and will credit you in the report.
Please do not disclose the vulnerability publicly until a fix is released!
Once either a) a fix has been published, or b) I have declined to address the vulnerability for whatever reason, you are free to publicly disclose it.
[^1] Tidelift Subscribers
Any packages marked as Yes under Tidelift Only in the Supported Versions table above means that particular version will only receive updates for Tidelift Subscribers.
If you're a Tidelift subscriber, please use this route instead:
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.