# Security Policy

## Supported Versions

We will support the current major release as well as the previous major release branch for all critical secrity fixes, while still following [semantic version standards](https://semver.org/).

This means if the latest version is `4.x.x`, we will add a hot fix to the `3.x.x` branch, but not the `2.x.x` branch or anything older.

## Reporting a Vulnerability

If there is a published security issue with one of our dependencies that has a fix released, please create an issue or pull request with the required change.

Please report any other security issues by sending an email to oss@expediagroup.com.