Please do not open public GitHub issues for security vulnerabilities.

Instead, report them privately to the project maintainers with:

• a clear description of the issue
• reproduction steps or proof of concept
• affected versions or deployment assumptions
• suggested mitigations if available

If you are preparing this repository for public release, replace this document with your preferred private contact channel, such as a dedicated security email address.

At the moment, security fixes are expected to land on the latest active branch.