The project currently provides security fixes for the latest released minor line.

Please report suspected vulnerabilities through a private GitHub Security Advisory:

• Report a vulnerability

Do not open public GitHub issues for security vulnerabilities.

When reporting, include:

• A clear description of the issue and impact
• Reproduction steps or proof of concept
• Affected versions and environment details
• Any known mitigations

• Initial acknowledgement target: within 3 business days
• Triage and severity assessment: as quickly as possible after acknowledgement
• Fix and coordinated disclosure: as soon as a safe patch is ready

We will coordinate disclosure timing with the reporter and credit the reporter in release notes unless you request otherwise.