If you find a security issue, please report it responsibly.

• Share enough detail to reproduce the issue
• Give me reasonable time to investigate and patch
• Avoid public disclosure before a fix is ready

• Post exploit details in public issues first

Use GitHub Security Advisories for this repository if available.
If advisories are not enabled, open an issue with minimal details and mention it is security-sensitive so we can move to a private channel.