This project is maintained on the current main branch and the latest released version of the package/tool.
Please do not report security issues in public issues or pull requests.
Use GitHub Security Advisories for a private report whenever possible. If that is not available for your case, contact the maintainers through the project channels listed in the repository and include:
- a short description of the issue
- affected component or command
- steps to reproduce
- any proof of concept, if applicable
- expected impact
We will review the report privately, confirm the impact, and work on a fix before public disclosure when appropriate.
Please give maintainers reasonable time to investigate and release a remediation before disclosing details publicly.