Please do not open public issues or pull requests for security vulnerabilities.
Preferred: report privately using GitHub Security Advisories for this repository.
If private reporting is not available for you, contact the maintainers via the Drupal.org project page and clearly indicate that the report is security-sensitive.
- A clear description of the vulnerability and impact
- Steps to reproduce (or a proof of concept)
- Affected versions (Drupal core version, module version, and relevant config)
- Any suggested mitigation or fix (if you have one)