Currently there is not a published release version as the foundation interface is currently under development. I can guarantee to you that the XZReader and XZWriter Go interface will not be changing, and these comply and implement their respective io.Reader and io.Writer types they expose.

Please report a vulnerablilty using a public GitHub issue. If you are unsure if the vulnerability is related to liblzma you can report it to here and also to the maintainer of liblzma.

If you are proposing a patch along with your issue report please make sure your PR is tied to the GitHub issue.