We will support the current major release as well as the previous major release branch for all critical secrity fixes, while still following semantic version standards.
This means if the latest version is 4.x.x
, we will add a hot fix to the 3.x.x
branch, but not the 2.x.x
branch or anything older.
If there is a published security issue with one of our dependencies that has a fix released, please create an issue or pull request with the required change.
Please report any other security issues by sending an email to oss@expediagroup.com.