If you believe you have found a security vulnerability, please report it responsibly.

1. Do not open a public GitHub issue for security-sensitive bugs.
2. Report it via GitHub Security Advisories (recommended), or contact the maintainers privately if you need another channel.
3. Include a clear description, steps to reproduce, and impact if possible. We will acknowledge receipt and aim to respond within a reasonable time.

We appreciate your effort to disclose findings in a way that allows us to address issues before they become public.

We release security fixes for the current minor version. Upgrade to the latest release to ensure you have known fixes.