We release security updates for the current major version. Please use the latest release when possible.

Please do not report security vulnerabilities via public GitHub issues.

If you believe you have found a security issue:

1. Email the maintainers (see repository contacts) or open a private security advisory on GitHub: Repository → Security → Advisories → New draft.
2. Include a clear description, steps to reproduce, and impact.
3. We will acknowledge within a reasonable time and work on a fix.
4. Do not disclose the issue publicly until we have addressed it or agreed on a disclosure timeline.

We appreciate responsible disclosure and will credit reporters (with permission) in release notes.