Security fixes are applied to the latest code on the default branch.
Please do not disclose vulnerabilities publicly before a fix is available.
To report a vulnerability:
- Prefer GitHub private vulnerability reporting (Security Advisory) if enabled.
- Otherwise, contact the maintainer directly on GitHub:
@minorcell.
When reporting, include:
- A clear description of the issue.
- Steps to reproduce or a proof of concept.
- Potential impact and affected components.
- Suggested mitigation if available.
- We will acknowledge reports as soon as possible.
- We will validate, triage severity, and work on a fix.
- We will coordinate disclosure timing with the reporter when possible.