Security fixes are provided for the latest version of the code on the default branch. Older snapshots, forks, and modified local builds may not receive security updates.

Please do not open a public issue for security problems.

If you find a vulnerability, report it privately to the repository maintainer through GitHub and include:

• a clear description of the issue
• steps to reproduce it
• the affected files, features, or build path
• any proof-of-concept details that help confirm the problem

You can expect:

• acknowledgment as soon as reasonably possible
• a review of the report and impact
• follow-up if more information is needed
• a fix or mitigation plan when the issue is confirmed

Please allow time for investigation and remediation before sharing vulnerability details publicly. Coordinated disclosure helps protect users and downstream projects.

This policy covers vulnerabilities in source code, build scripts, bundled assets, and release artifacts maintained in this repository.