Security fixes are applied on main.
Do not open public issues for suspected vulnerabilities.
Report privately using GitHub Security Advisories for this repository. If advisories are unavailable, open a private maintainer contact thread and include:
- affected commit or tag
- reproduction steps
- impact assessment
- proposed mitigation (if available)
You will receive an acknowledgment as soon as possible, followed by triage and a remediation plan.