We value responsible disclosure and the safety of our users.

• Email the maintainers using the contact in this repository’s metadata or open a private, security‑labeled issue if available.
• Provide a detailed description, steps to reproduce, and affected versions.
• Do not create public issues or pull requests that include exploit details.

We will acknowledge reports within 72 hours and provide a timeline for remediation when possible.

• Please do not disclose the issue publicly until a fix is available and users have had a reasonable time to update.
• Coordinated disclosure is appreciated.

This is an active repository; we support the latest main branch and the most recent tagged release. Security fixes may be backported at the maintainers’ discretion.