The latest patch version of the 9.x release series is supported for security updates.

PHPCompatibility is a developer tool and should generally not be used in a production environment.

Having said that, responsible disclosure of security issues is highly appreciated.

Please do not report or discuss security vulnerabilities through public GitHub issues, discussions, or pull requests.

Issues can be reported privately to the maintainers by opening a Security vulnerability report.

• Please provide detailed reports with reproducible steps and a clearly defined impact.
• Include the version number of the vulnerable package in your report.
• Fixes are most welcome. A private PR can be created from the security report to work on and discuss the patch.