Please do not open public issues for security vulnerabilities.
Report privately to the maintainers with:
- A clear description of the issue
- Reproduction steps or proof of concept
- Impact assessment
- Suggested remediation (if known)
We aim to acknowledge reports within 3 business days and provide mitigation guidance after triage.
Security fixes are applied to the latest release and main branch.