Security fixes are provided for the latest public release line on main.

Do not open a public issue for suspected vulnerabilities.

Use GitHub's private vulnerability reporting flow for this repository when it is available. If that flow is unavailable, contact the maintainers privately on GitHub with the affected version, reproduction details, and impact.

We will acknowledge legitimate reports, work on a fix, and coordinate public disclosure after a patch or mitigation is available.