Please do not open public issues for security vulnerabilities.
Instead, report privately to the maintainers with:
- A clear description of the issue
- Reproduction steps or proof of concept
- Impact assessment
- Suggested remediation (if known)
We aim to acknowledge reports within 3 business days and provide a mitigation or fix timeline after triage.
Until versioned releases are established, security fixes are applied to the default branch only.