Security fixes are applied to the latest release on main. If you are on an older version, please upgrade to the latest release first.

Please do not open a public GitHub Issue for potential security vulnerabilities.

Instead, report privately using one of these options:

• GitHub: use the repository's Security → Advisories → Report a vulnerability flow (preferred)
• If GitHub private reporting is not available for your account, contact the maintainer via the contact method listed in the project README.

Include:

• A clear description of the issue and impact
• Steps to reproduce (PoC if available)
• Affected versions / environments
• Any suggested fix or mitigation

We will acknowledge receipt, investigate, and coordinate a fix/release. Please allow a reasonable time window for remediation before public disclosure.