Security Policy

Supported Versions

| Version | Supported | Tidelift Only [^1] | |---------|--------------------|----------------------------------------------------------------------------------------------------| | 2.1.x | :white_check_mark: | No | | 2.0.x | :white_check_mark: | No | | 1.3.x | :x: | Yes | | 1.2.x | :x: | Yes | | 1.1.x | :x: | Not Maintained | | 1.0.x | :x: | Not Maintained |

Reporting a Vulnerability

If there are any vulnerabilities discovered within Utility, please do not hesitate to _report them_.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab. If you have a fix for the issue, that is most welcome -- please attach or summarize it in your message!

I will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. I will contact you to let you know the outcome, and will credit you in the report.

Please do not disclose the vulnerability publicly until a fix is released!

Once either a) a fix has been published, or b) I have declined to address the vulnerability for whatever reason, you are free to publicly disclose it.

[^1] Tidelift Subscribers

Any packages marked as Yes under Tidelift Only in the Supported Versions table above means that particular version will only receive updates for Tidelift Subscribers.

If you're a Tidelift subscriber, please use this route instead:

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.