Security fixes are provided for the latest public release line on main.

Do not open a public issue for suspected vulnerabilities.

Use GitHub's private vulnerability reporting flow for this repository when it is available. If that flow is unavailable, contact the maintainers privately on GitHub with the affected package, version, reproduction details, and impact.

We will validate the report, prepare a fix, and coordinate disclosure after the fix is available.