Security fixes are applied to the latest version on the default branch.

Please do not open public issues for security vulnerabilities.

Instead:

1. Open a private GitHub security advisory if enabled for this repository.
2. If advisories are not enabled, contact the maintainers directly with:
   • vulnerability description
   • impact assessment
   • reproduction steps
   • suggested fix (if available)

We will acknowledge valid reports as quickly as possible and coordinate disclosure once a fix is available.

• Give maintainers reasonable time to investigate and patch.
• Avoid public disclosure until a fix or mitigation is ready.