Security fixes are applied to the default branch with the latest release state.
Please do not report security vulnerabilities through public GitHub issues.
Instead, report privately by contacting the maintainers through your repository security reporting channel (GitHub private vulnerability reporting, if enabled) or direct maintainer contact.
When reporting, include:
- A clear description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested mitigation (if known)
We will acknowledge reports as quickly as possible and aim to provide an initial assessment within 72 hours.