Security fixes are prioritized for the latest release on main.

Please do not open public issues for suspected vulnerabilities.

Instead, report privately via GitHub Security Advisories:

• Repository -> Security -> Report a vulnerability

Include as much detail as possible:

• affected crate(s) and version/commit
• impact and attack scenario
• reproduction steps or proof of concept
• suggested mitigation if known

• Initial acknowledgment target: within 72 hours
• Triage and severity assessment after acknowledgment
• Fix and coordinated disclosure based on impact

We will credit reporters who want attribution once the issue is resolved.