The most recent major version of Sanitize will receive security updates when necessary. Updates may be made available for older versions on a case by case basis, but this will typically depend on community contributions since maintainer time is limited and backporting changes to older versions can be challenging.

To report a security vulnerability in Sanitize, please email ryan@wonko.com. Please don't PGP-encrypt your email; that's not necessary, and encrypted emails will not be read.

Expect an acknowledgement of your report within 48 hours. If the vulnerability is confirmed, every effort will be made to release a fix as soon as is practical depending on the severity and complexity of the issue. Once a solution is available, the vulnerability will be publicly disclosed and (if desired) you will be credited for finding and reporting it.