Report security issues privately through GitHub Security Advisories on this repository (the Security tab -> Report a vulnerability). Please do not open a public issue for a suspected vulnerability.
Expect an acknowledgement within a few business days; we will coordinate a fix and a disclosure timeline with you.
Security fixes target the latest released major version of manager.