This project supports security fixes for the latest version only.
Do not report vulnerabilities in public issues or pull requests.
Report vulnerabilities privately using GitHub Security Advisories:
- clear description of the issue
- affected version or commit
- reproduction steps or proof of concept
- potential impact
- suggested mitigation (if available)
Do not disclose vulnerabilities publicly before maintainers have had a reasonable chance to investigate and mitigate.
Please do not open public GitHub issues or pull requests for unpatched vulnerabilities.
Reports are handled on a best-effort basis.
Maintainers will review submissions, assess impact, and communicate next steps when possible. No specific response time or resolution timeline is guaranteed.