Security fixes are provided for the current main branch.

Please do not post detailed vulnerability reports in public issues.

Preferred reporting paths:

1. Use GitHub private vulnerability reporting for this repository (if available).
2. If private reporting is unavailable, open a public issue titled Security Contact Request without exploit details, and include only:
   • affected file/path
   • high-level impact
   • how to contact you

The maintainer will follow up with a private channel for full details.

• Give maintainers reasonable time to investigate and patch before public disclosure.
• Include clear reproduction steps and scope where possible.
• Reporters acting in good faith will be acknowledged.