Security fixes are handled on a best-effort basis for versions that are still actively maintained.

Please do not open a public GitHub issue or Discussion for security vulnerabilities.

Use GitHub's private vulnerability reporting for this repository when available. If private reporting is not available in the repository UI, contact a maintainer through a private channel before sharing any details publicly.

When reporting a vulnerability, include:

• A clear description of the issue and affected area
• Reproduction steps or a minimal proof of concept
• Impact assessment
• Any mitigations or workarounds you have identified

• We will acknowledge reports on a best-effort basis.
• We may ask for additional details to reproduce and validate the issue.
• Please allow time for investigation and coordinated disclosure before publishing details.