We currently support the following versions of this project with security updates:

If you discover a security vulnerability, please do not create a public issue.
Instead, report it report vulnerabilities via GitHub's Private Vulnerability Reporting

Please include the following information in your report:

• A description of the vulnerability
• Steps to reproduce it (if possible)
• The impact it could have
• Any suggested fix (optional)

We aim to respond within 2 business days and resolve confirmed issues within 7–14 days, depending on severity.

1. You report the vulnerability confidentially.
2. We acknowledge receipt and begin investigation.
3. We work on a fix and prepare a patch release.
4. We may coordinate with the reporter on credit (optional).
5. The fix is released, and we publish a disclosure if appropriate.

• We support coordinated disclosure.
• Please give us reasonable time to resolve the issue before any public disclosure.
• We will acknowledge reporters who help improve project security (unless anonymity is requested).