Security fixes are applied to the default branch (currently main or equivalent). Older tags may not receive backports unless agreed with maintainers.

Please do not open a public GitHub issue for security-sensitive reports (e.g. remote code execution, credential leaks in examples, dependency supply-chain concerns).

Instead, contact the repository maintainers via a private channel:

• Use GitHub Security Advisories for this repository if enabled (Security tab → Report a vulnerability), or
• Email the maintainer(s) listed in the repository profile or README, if provided.

Include:

• Description of the issue and impact
• Steps to reproduce (if possible)
• Affected versions or commits (if known)

We will aim to acknowledge receipt within a few business days and coordinate disclosure. This is a best-effort research project; response times may vary.