Security fixes are provided for the current deployed site on main.

Do not open a public issue for suspected vulnerabilities.

Use GitHub's private vulnerability reporting flow for this repository when it is available. If that flow is unavailable, contact the maintainers privately on GitHub with the affected page, reproduction details, and impact.

We will validate the report, deploy a fix or mitigation, and then coordinate public disclosure.