Security: idlab-discover/aibomgen-cli

.github/SECURITY.md

Security Policy

Supported Versions

The project is maintained on the main branch and through the latest tagged release.

Version           Supported
Latest release    Yes
main              Best effort
Older releases    No

Reporting a Vulnerability

Please do not open public GitHub issues for suspected security vulnerabilities.

Use GitHub's private vulnerability reporting for this repository when available. Include:

  • a clear description of the issue
  • affected versions or commits
  • reproduction steps or a proof of concept
  • impact assessment if known
  • any suggested remediation

If private reporting is not available, contact the repository maintainers privately before disclosing details publicly.

Response Expectations

Maintainers will aim to:

  • acknowledge the report within 5 business days
  • confirm whether the issue is in scope
  • provide status updates as investigation progresses
  • coordinate disclosure after a fix is available when appropriate

Disclosure Guidelines

Please allow time for investigation and remediation before public disclosure. Once a fix is available, maintainers may publish release notes or an advisory describing the impact and remediation guidance.
