Please do not disclose security vulnerabilities publicly before a fix is ready.
Report issues privately to the maintainers with:
- Impact summary
- Reproduction steps
- Affected files/components
- Suggested mitigations if available
We will acknowledge reports as quickly as possible and coordinate a fix and responsible disclosure timeline.