Security fixes are applied to the latest released version on the default branch.
If you are running an older version, upgrade and verify the issue still reproduces before reporting.
Please do not open public GitHub issues for suspected security vulnerabilities.
Report privately by opening a GitHub Security Advisory for this repository.
When reporting, include:
- A clear description of the issue and impact
- Reproduction steps or a proof of concept
- Affected versions, environments, and configuration details
- Any suggested mitigation (if known)
You can expect an initial acknowledgement within 5 business days.