Please report security issues privately.

Preferred method:

1. Use GitHub Security Advisories in the affected repository (Security tab, Report a vulnerability).

If advisories are not enabled:

1. Contact the repository owner using the public contact information on their GitHub profile.
2. Provide a minimal reproduction and impact summary.

Do not open public issues or pull requests for security vulnerabilities.

We aim to address security issues in the default branch and the most recent release lines when feasible.

We will acknowledge reports as soon as possible and work with you on a coordinated disclosure timeline.