If you discover a security vulnerability, please use GitHub's private vulnerability reporting feature for this repository. If private reporting is not available, open a short issue requesting a private channel -- do not post exploit details publicly.

• Affected commit or version
• Description of the vulnerability and its impact
• Steps to reproduce
• Any relevant logs (with sensitive data removed)

We aim to acknowledge security reports within 3 business days.