We aim to support the latest minor release on the current major.

• Active: latest ^1.x on PHP 8.4+
• Older versions may receive security fixes on a best-effort basis.

Please email security reports to [email protected]. Include:

• A detailed description of the issue
• Steps to reproduce or a PoC
• Impact assessment
• Suggested remediation (if known)

We will acknowledge receipt within 72 hours and work with you on a fix and coordinated disclosure.