Please report security issues privately if possible. Use GitHub's private vulnerability reporting (Security tab) if it is enabled for this repository.
If private reporting is not available, open a GitHub issue and avoid including sensitive details. A maintainer will follow up to move the discussion to a private channel.
- We aim to acknowledge reports within 7 days.
- We will work with you to validate and address the issue.
- Please allow time to investigate and release a fix before public disclosure.