If you discover a security vulnerability, please report it privately.

• Preferred: open a GitHub Security Advisory for this repository (Security → Advisories → “Report a vulnerability”).
• Alternative: open an issue with minimal details and request a private follow-up.

Please avoid posting exploit details publicly until a fix is available.