Please report security vulnerabilities through GitHub Security Advisories.

Do not open a public issue for security vulnerabilities.

We will acknowledge receipt within 3 business days and aim to provide a fix or mitigation plan within 14 days.

• We follow coordinated disclosure.
• Once a fix is released, we will publish a security advisory on GitHub.