Security: tomascupr/sandstorm

Security Policy

Supported Versions

Version              Supported
main                 Yes
Latest PyPI release  Yes
Older releases       Best effort only

Reporting A Vulnerability

Please do not open a public GitHub issue for vulnerabilities that could expose user data, credentials, or remote execution paths.

Use GitHub's private vulnerability reporting for this repository when it is available. If you do not have access to a private reporting path, open a minimal issue requesting a private contact channel without including exploit details, proof-of-concept payloads, or secrets.

Include as much of the following as you can:

  • Affected version, commit, or deployment setup
  • Clear description of the issue and expected impact
  • Reproduction steps or a minimal proof of concept
  • Any mitigations or configuration workarounds you have identified

Response Expectations

  • Initial acknowledgement target: within 3 business days
  • Status updates target: at least weekly while the issue is active
  • Credit: available on request once a fix is released

There aren’t any published security advisories