Security fixes are applied to the latest state of the main branch.

Older snapshots or forks may not receive patches.

Please do not open public issues for security vulnerabilities.

Report security concerns privately by contacting the repository owner through GitHub security reporting channels:

• Use GitHub private vulnerability reporting (if enabled in repository settings), or
• Contact the maintainer directly through repository profile contact options.

When reporting, include:

• Affected component(s)
• Clear reproduction steps
• Impact assessment
• Suggested mitigation (if known)

• Initial triage acknowledgment: within 7 days
• Confirmation and severity assessment: as soon as reproducible
• Patch timeline: depends on complexity and risk

• Please allow time for investigation and patching before public disclosure.
• Credit is provided to reporters who follow responsible disclosure practices.