Please do not report security vulnerabilities in public issues.

Use GitHub private vulnerability reporting if it is available for this repository.

If private vulnerability reporting is not available, open a public issue that asks for a secure reporting channel without disclosing vulnerability details.

Please include:

• affected version or commit;
• operating system and deployment context;
• steps to reproduce;
• expected and actual behavior;
• any logs, config snippets, or proof-of-concept details needed to understand the issue.

The maintainer will review reports as quickly as practical and coordinate a fix and disclosure path based on severity and impact.

Please give the maintainer a reasonable opportunity to address the issue before public disclosure.