Security fixes are handled on the main branch.
Please do not open a public issue for suspected vulnerabilities.
Report security issues privately to @jatmn. Include the affected commit or release, reproduction steps, impact, and any relevant logs with secrets removed.
Only @jatmn should merge pull requests. Security-sensitive changes should be called out explicitly in the pull request summary and reviewed before merge.