Security fixes are applied to the latest release line.

Please do not open public issues for security vulnerabilities.

Use GitHub's private vulnerability reporting for this repository ("Report a vulnerability"). Include:

• Affected version(s)
• Reproduction steps or proof-of-concept
• Impact assessment
• Suggested remediation (if available)

You can expect an initial maintainer response within 5 business days. After confirmation, we will coordinate a fix and a disclosure timeline.