Only the latest main branch and the latest published crate release are supported.

Please do not open public issues for security reports.

Use one of these channels:

1. GitHub Security Advisories for this repository (preferred).
2. A private email to the maintainer listed in README.md.

Include reproduction steps, impact, and affected version/tag if known.

1. Report is acknowledged.
2. Impact and exploitability are validated.
3. A fix is prepared and tested.
4. A patched release tag is published.
5. Public disclosure follows once users can upgrade safely.