Security fixes are best-effort for the latest code on the default branch.

Please do not post full exploit details in a public issue.

Preferred process:

1. Use GitHub's private vulnerability reporting feature for this repository if it is enabled.
2. If private reporting is unavailable, open a minimal public issue that states a security concern exists and asks the maintainer for a private contact channel.

Include:

• affected component or file path;
• impact summary;
• reproduction steps or proof of concept;
• suggested remediation, if known.

The goal is to acknowledge reports quickly, confirm impact, and ship a fix before broad public disclosure.