Please report security issues privately.

Preferred: GitHub Security Advisories

1. Go to the repository Security tab.
2. Click Report a vulnerability.
3. Provide steps to reproduce and impact details.

If you cannot use GitHub Advisories, open a private discussion with maintainers through GitHub and mark it as security-sensitive.

• We aim to acknowledge reports within 7 days.
• We will share a remediation plan or status update as soon as possible.

We support the latest main branch. If you need a fix for a prior release, please include that in your report.