Security fixes are applied to the latest main branch state.

Please do not open public issues for sensitive vulnerabilities.

Preferred path:

1. Use GitHub private vulnerability reporting for this repository when it is enabled.

Fallback:

1. Open a GitHub issue with minimal details and mark it as a security concern.
2. Wait for maintainer response before posting technical exploit details.

When reporting, include:

• A clear description of the issue.
• Reproduction steps.
• Affected build/commit.
• Potential impact and suggested mitigation (if known).