Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them privately via the GitHub Security Advisory feature on this repository. The advisory remains private until a fix is published.

• Type of vulnerability
• Steps to reproduce
• Impact assessment
• Suggested fix (if any)

• Acknowledgment: Within 48 hours
• Initial assessment: Within 1 week
• Fix or mitigation: Depends on severity

We appreciate responsible disclosure and will credit reporters in the security advisory (unless you prefer to remain anonymous).