If you discover a security issue, do not open a public issue with exploit details.
Please report it privately to the repository owner with:
- a short description of the issue
- affected versions or branches
- reproduction steps or proof of concept
- suggested mitigation if available
Security fixes will be reviewed privately first and disclosed publicly after a patch is available.