Please do not open public issues for potential security vulnerabilities.

• Report privately by contacting the repository maintainer.
• Include impact, reproduction steps, affected versions, and any known mitigations.

• Reports are triaged on a best-effort basis.
• A fix is prepared and validated before public disclosure when feasible.
• Release notes will include remediation details once patches are available.

• Latest release tag.
• main branch for in-progress fixes.