# Security Policy

## Supported Versions

The following table lists versions and whether they are supported. Security
vulnerability reports will be accepted and acted upon for all supported
versions.

| Version | Supported          |
| ------- | ------------------ |
| 3.10.x  | :white_check_mark: |
| 3.9.x   | :white_check_mark: |
| 3.8.x   | :x:                |
| 3.7.x   | :x:                |
| 3.6.x   | :x:                |
| 3.5.x   | :x:                |
| < 3.5   | :x:                |


## Reporting a Vulnerability


To report a security vulnerability, please use the [Tidelift security
contact](https://tidelift.com/security).  Tidelift will coordinate the fix and
disclosure.

If you have found a security vulnerability, in order to keep it confidential,
please do not report an issue on GitHub.

We do not award bounties for security vulnerabilities.