Security fixes are prioritized for the latest release and main.

Please do not open public issues for potential security vulnerabilities.

Instead:

1. Open a private security advisory in GitHub, if available for this repository.
2. If private advisories are unavailable, open an issue with minimal detail and request a private follow-up channel.
3. Include reproduction steps, affected versions/commit, impact, and any suggested remediation.

We aim to acknowledge reports within 3 business days and will provide status updates as triage proceeds.

• Give maintainers reasonable time to validate and remediate.
• Avoid public disclosure of exploit details until a fix or mitigation is available.
• Credit will be provided to reporters who want attribution.