The main branch is the active development branch. Security fixes are applied there.

• Prefer GitHub private vulnerability reporting if enabled on the repository.
• If private reporting is unavailable, open a new issue with minimal details and request a maintainer to enable private reporting; avoid posting exploit details publicly.
• Do not include secrets or personal data in reports.

We aim to acknowledge reports within 5 business days.