When a new minor version (1.x) is released, the previous one will continue to receive security and bug fixes for at least 3 months.

When a new major version is released (1.0, 2.0, etc), the previous one (0.19.x) will receive bug fixes for at least 3 months and security updates for 6 months after that new release comes out.

(This policy may change in the future and exceptions may be made on a case-by-case basis.)

If you discover a security vulnerability within this package, please directly email Colin O'Dell at colinodell@gmail.com. All security vulnerabilities will be promptly addressed. Please do not disclose security-related issues publicly until a fix has been announced.