Please report security vulnerabilities through GitHub private vulnerability reporting.

Do not open a public issue for security vulnerabilities.

• Acknowledgement within 48 hours of your report
• Status update within 7 days with an assessment and expected fix timeline
• Fix or disclosure within 30 days for confirmed vulnerabilities

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)