If you find a significant vulnerability, or evidence of one, please report it privately.

We prefer that you use the GitHub mechanism for privately reporting a vulnerability. Under the main repository's security tab, click "Report a vulnerability" to open the advisory form.

We will acknowledge your report within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.