In general, only the latest released referencing-http
version is supported and will receive updates.
To report a security vulnerability, please send an email to Julian+Security
at GrayVines.com
with subject line SECURITY (referencing-http)
.
I will do my best to respond within 48 hours to acknowledge the message and discuss further steps.
If the vulnerability is accepted, an advisory will be sent out via GitHub's security advisory functionality.
For non-sensitive discussion related to this policy itself, feel free to open an issue on the issue tracker.