Please do not open a public issue for security problems.

If GitHub private vulnerability reporting is enabled for the repository, use that first. Otherwise, contact the maintainer privately and include:

• A short description of the issue
• The affected version, tag, or commit
• Reproduction steps or a proof of concept
• The impact you expect

Please do not attach real task databases, exported task lists, or screenshots containing personal information.

The maintainer should acknowledge a report, validate it, and follow up with a fix or mitigation plan as soon as practical. Once the issue is resolved, a public note can be added to the relevant release notes.