Please do not open public issues for security vulnerabilities.

Use GitHub private security advisories:

• Security tab in the repository
• Report a vulnerability

Include:

• A clear description of the issue
• Steps to reproduce
• Potential impact
• Suggested mitigation (if known)

• We aim to acknowledge reports within 72 hours.
• We will investigate and provide status updates as fixes progress.
• Valid reports will be remediated as quickly as possible based on severity.