Please do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities by emailing the maintainer directly. Include:

• A description of the vulnerability and its potential impact
• Steps to reproduce (proof-of-concept if possible)
• Any suggested fix

You can expect an acknowledgement within 48 hours and a fix or mitigation plan within 14 days for confirmed issues.

Once the issue is resolved, we will publish a security advisory and credit the reporter (unless you prefer to remain anonymous).