If you discover a security issue, please do not post full exploit details in a public issue.

Instead:

1. Open a GitHub security advisory for this repository (preferred), or
2. Open a minimal GitHub issue and request a private contact channel.

Please include:

• affected version/commit
• reproduction steps
• impact assessment
• any suggested mitigation

We will acknowledge receipt and work on a fix as quickly as possible.