Please report security issues responsibly and privately.

We support the latest main branch and the most recent tagged release (if any).

1. Do not open a public issue for security matters.
2. Email the maintainers at: security@invalid.example (replace with your contact)
3. Include:
   • A detailed description of the issue and its impact
   • Steps to reproduce or a proof of concept
   • Affected versions and platforms
4. We will acknowledge receipt within 5 business days and keep you informed of progress.

We prefer coordinated disclosure. Once a fix is available, we will publish a short advisory and credit reporters who wish to be acknowledged.