Security fixes will be backported to the most recent three minor version lines.
Please report security bugs by filing a github issue, or by email to jbp@jbp.io if you want to disclose privately. I'll then:
- Prepare a fix and regression tests.
- Backport the fix and make a patch release for most recent release.
- Submit an advisory to rustsec/advisory-db.
- Refer to the advisory on the main README.md and release notes.
If you're looking for security bugs, this crate is set up for
cargo fuzz
but would benefit from more runtime, targets and corpora.