Report security vulnerabilities by emailing the maintainer directly. Do not open a public issue.
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
You will receive a response within 72 hours. Confirmed vulnerabilities will be patched in a new release and disclosed once a fix is available.