Open a GitHub Security Advisory on the affected repository.

Include:

• Description of the vulnerability
• Steps to reproduce
• Affected version(s)

Do not open public issues for security vulnerabilities.

• Acknowledgment: Within 48 hours
• Assessment: Within 7 days
• Fix: Based on severity (critical = days, high = weeks, lower = next release)

Only the latest track is supported. Older tracks may receive critical fixes at maintainer discretion.