Please report security issues privately using GitHub's private vulnerability reporting feature or by filing a confidential issue.

• Include a detailed description, reproduction steps, and potential impact.
• We will acknowledge receipt within 3 business days and provide regular status updates until resolution.

We follow a responsible disclosure policy. Once a fix is available, we will coordinate a release and publish a security note. Please do not disclose details publicly until an advisory is released.

Security fixes are generally provided for:

• The latest main branch
• The most recent tagged release

Older versions may receive fixes on a best-effort basis.