Please report security issues privately.

• Email: security@flux-lang.org (TODO: replace with the official security contact.)
• Subject: "Flux security report"

If GitHub Security Advisories are enabled for this repo, you may also use the "Report a vulnerability" button in the Security tab.

• A clear description of the issue and impact.
• Steps to reproduce or a proof-of-concept.
• Affected package(s) and versions (if known).
• Any relevant logs, screenshots, or crash output.

We will acknowledge receipt as soon as possible and make a best-effort attempt to respond with a mitigation plan or timeline. Please avoid public disclosure until a fix or coordinated disclosure plan is in place.