Security Policy Do not disclose sensitive issues in public GitHub issues. Report security problems privately to the repository owner before public disclosure. Include: affected version or commit reproduction steps expected impact proof of concept if available