Security Policy

Reporting a vulnerability

Please do not open public issues for security-sensitive bugs.

Instead, report privately via GitHub Security Advisories (preferred), or contact the maintainer directly.

Include:

We will acknowledge reports as quickly as possible and coordinate a fix + disclosure timeline.