If you discover a security vulnerability, please report it privately via GitHub Security Advisories instead of opening a public issue.

We will acknowledge the report within 48 hours and aim to provide a fix within 7 days of confirmation.

Only the latest release on main receives security updates.