Security fixes are applied to the latest released version and the current main branch.
Please do not open public GitHub issues for security reports.
Instead:
- use the repository's GitHub Security reporting flow if the Security tab exposes "Report a vulnerability"
- if that flow is unavailable, contact the maintainer privately through GitHub before public disclosure
When reporting a vulnerability, include:
- the affected version or commit
- a clear description of the issue
- reproduction steps or a proof of concept when safe to share
- impact assessment and any suggested remediation
We will acknowledge valid reports as quickly as possible and coordinate disclosure after a fix is available.