Security fixes are provided on a best-effort basis for the latest development line on main.

Please do not open a public GitHub issue for security reports.

If GitHub private vulnerability reporting is enabled for this repository, use that channel. Otherwise, contact the maintainers privately through GitHub before disclosing details publicly.

When possible, include:

• A clear description of the issue
• Reproduction steps or a proof of concept
• Impact assessment
• Any suggested remediation

We will try to acknowledge legitimate reports promptly and coordinate a fix before public disclosure when possible.