Please do not disclose vulnerabilities in public issues, PRs, or
discussions. Prefer GitHub's private vulnerability reporting (Security tab →
"Report a vulnerability"); if that is unavailable, contact the maintainer via
the contact information in their public profile and include Cheers security
in the title.
The full policy (supported versions, what to include in a report, deployment security checklist) lives at docs/governance/SECURITY.md / 中文.