Please report security issues confidentially via GitHub's private security advisory flow: Security tab → Advisories → New draft security advisory.

Do not open public issues for security vulnerabilities.

You can expect an initial response within 7 days. Once the issue is confirmed, we will work on a fix and coordinate disclosure with you.

Unless otherwise stated in a repository's README, only the latest release receives security fixes.