The project follows a simple minor-based support policy:
- Current minor (latest published 0.2.x) – Full support (features, security, critical bug fixes).
- Previous minor (0.1.x) – Security fixes only for 30 days after the first 0.2.x release, then End-of-life (EOL).
- Older / unsupported versions – No fixes; please upgrade.
| Version | Release Date | Status | Support Ends | Notes |
|---|---|---|---|---|
| 0.2.6 | 2025-08-16 | Supported | When 0.3.0 releases | Latest with enterprise analytics suite and comprehensive feature set |
| 0.2.5 | 2025-08-15 | Superseded | 2025-09-15 (30 days after 0.2.6) | Upgrade to 0.2.6 for new analytics features |
| 0.2.4 | 2025-08-14 | Superseded | 2025-09-15 (30 days after 0.2.6) | Upgrade to 0.2.6 |
| 0.2.3 | 2025-08-13 | Superseded | 2025-09-15 (30 days after 0.2.6) | Upgrade to 0.2.6 |
| 0.2.2 | 2025-08-13 | Superseded | 2025-09-15 (30 days after 0.2.6) | Upgrade to 0.2.6 |
| 0.2.1 | 2025-08-13 | Superseded | 2025-09-15 (30 days after 0.2.6) | Upgrade to 0.2.6 |
| 0.2.0 (<0.2.1) | (n/a) | Not released | n/a | Patch numbers prior to 0.2.1 were not published |
| 0.1.1 | 2025-08-13 | EOL | 2025-09-12 (30 days after 0.2.2) | Last 0.1 patch; no further fixes after date |
| 0.1.0 | 2025-08-13 | EOL | 2025-08-13 | Superseded same day by 0.1.1 |
Future versions will be appended with their lifecycle as they are released.
| Category | Response Target |
|---|---|
| Critical (RCE, data loss) | Patch or mitigation within 7 days |
| High (privilege escalation, widespread breakage) | Patch within 14 days |
| Moderate (DoS, information disclosure) | Patch in next minor/patch (≤30 days) |
| Low (non-exploitable, hard-to-abuse) | Discretionary / next scheduled release |
If a fix cannot meet the target window, an advisory with recommended mitigations will be published.
Always upgrade to the latest patch of the current minor. Skipping minors is supported (0.1.x → 0.2.x) as breaking changes will be documented in the changelog if introduced.
Open a private security advisory or email the maintainer (see repository profile). Provide:
- Affected version(s)
- Reproduction steps
- Potential impact / severity assessment
- Suggested fix (if known)
Please allow up to 72 hours for initial response.
We aim to release a patch within 14 days for high severity issues. Public disclosure will occur after a fix is available.