TODO: Update as appropriate.

We take security issues seriously and appreciate responsible disclosure.

If you believe you have found a security vulnerability:

• Do not open a public issue.
• Report it privately using one of the following:
  • GitHub Security Advisories (preferred, if enabled for the repository)
  • Email: security@your-org-domain.example

Please include:

• a clear description of the issue
• affected versions or components
• steps to reproduce, if known
• any relevant logs, traces, or proof-of-concept code

• We aim to acknowledge reports within a reasonable time frame.
• We will assess the issue and determine appropriate remediation.
• We may ask for additional information to help validate or reproduce the issue.

• We ask that reporters allow reasonable time for investigation and remediation before public disclosure.
• Coordinated disclosure is preferred.

Security fixes are typically applied to:

• the current release
• recent supported versions, where feasible

Older or unmaintained versions may not receive fixes.

We are happy to acknowledge reporters for valid security disclosures, unless anonymity is requested.