Security fixes are applied to the latest state of main.
Do not open public GitHub issues for suspected vulnerabilities.
Use one of these channels instead:
- GitHub private vulnerability reporting, if enabled for the repository
- direct contact with the maintainer through GitHub
Include:
- a description of the issue
- reproduction steps or a proof of concept
- impact assessment
- any suggested remediation
You should receive an acknowledgment as soon as practical after the report is reviewed.