Please report security issues via GitHub Security Advisories (preferred), so we can coordinate a private fix and disclosure timeline.

If you cannot use GitHub advisories, contact the maintainers via the repository contact listed on the project page.

Please do not open public issues for security reports.

Security fixes are applied to the latest release line and the master branch. Older releases are not guaranteed to receive fixes.

We aim to acknowledge reports within a few business days and provide a remediation plan as quickly as possible.