Security fixes are applied to the latest release branch on a best-effort basis.
Please do not open public issues for security vulnerabilities.
Use one of these channels:
- Open a private GitHub security advisory (preferred)
- Contact the maintainer privately through repository contact channels
When reporting, include:
- Affected version/commit
- Reproduction steps
- Impact assessment
- Suggested fix (if available)
We will acknowledge the report as soon as possible and coordinate disclosure after a fix is available.