Security fixes are applied to the latest release series.

Please do not open public issues for security vulnerabilities.

Instead, report privately with:

• Affected version
• Reproduction steps / PoC
• Potential impact

If GitHub Security Advisories are enabled, use private vulnerability reporting there. Otherwise, contact maintainers through a private channel listed in the repository profile.

We will acknowledge receipt as soon as possible and coordinate a fix and disclosure timeline.