Security fixes are provided for the main branch.

Please do not open a public issue for security vulnerabilities.

Preferred process:

1. Use GitHub private vulnerability reporting (if enabled for this repository).
2. If private reporting is not available, contact maintainers privately via GitHub.
3. Include reproduction steps, impact, and affected files/scripts.

• Clear vulnerability description
• Steps to reproduce
• Expected vs actual behavior
• Suggested mitigation (if available)
• Environment details (OS, shell, tool versions)

• Initial triage target: within 7 days
• Remediation timeline depends on severity and maintainers availability

• Never include access tokens, credentials, or personal data in reports.
• Redact logs before sharing.