Security fixes are provided on the latest default branch.
Please do not report security vulnerabilities in public issues.
Instead, report privately to project maintainers with:
- A clear description of the issue
- Impact and affected components
- Reproduction steps or proof of concept
- Suggested mitigation if available
Maintainers will acknowledge reports as soon as possible and coordinate a fix and disclosure timeline.