Please do not open a public issue for security vulnerabilities.

Instead, report privately via GitHub Security Advisories so the issue can be triaged and patched before disclosure.

Only the latest released version receives security fixes. Older tags (v1.x.y) remain available on Docker Hub for reproducibility but are not patched.