Before 1.0, security fixes will be made against:
- the latest commit on
main - the most recent PyPI release, once releases begin
Please do not open public GitHub issues for suspected security problems.
Report vulnerabilities privately to:
james.sesler@pm.me
When possible, include:
- affected version or commit
- reproduction steps
- impact assessment
- any suggested mitigation
I will acknowledge receipt as quickly as possible and work with you on a fix and disclosure plan.