Security fixes are handled on a best-effort basis for the latest development branch and the current 0.1.x release line.

• Prefer GitHub private vulnerability reporting if it is enabled for this repository.
• If private reporting is not available, do not publish exploit details in a public issue.
• Open a minimal issue requesting a secure contact path, or contact the maintainers through an existing private channel if you already have one.

Please include the affected version, impact, reproduction steps, and any suggested mitigation.