Please use GitHub Security private vulnerability report when it is available for this repository.

If private reporting is not enabled, open a minimal public issue asking for a private follow-up channel. Do not post secrets, private prompts, private images, databases, .env, configs/config.toml, exploit details, or sensitive logs in public issues.

Security fixes target the latest published release and the current main branch.