Security fixes are applied to the latest development line on main and the
most recent tagged release.
Do not open public GitHub issues for suspected vulnerabilities.
Report security issues privately through GitHub Security Advisories for this repository. If that channel is unavailable, contact the maintainers directly and include:
- affected version or commit
- impact summary
- reproduction steps or proof of concept
- any suggested mitigation
Maintainers will acknowledge receipt, validate the report, and coordinate a fix and disclosure timeline.