Please do not report security issues in public issues or discussions.
Report vulnerabilities through the repository's private security reporting channel. If that is not available where this repository is hosted, contact the maintainers privately before public disclosure.
Include:
- affected commit, tag, or branch
- impact and attack scenario
- reproduction steps or proof of concept
- any suggested remediation
Maintainers will acknowledge valid reports, assess impact, and coordinate a fix and disclosure timeline.