Security fixes are applied to the latest main branch state.

Please report vulnerabilities privately using GitHub Security Advisories:

• Go to the repository Security tab.
• Click Report a vulnerability.
• Include reproduction steps, impact, and suggested fix if available.

Do not open public issues for security vulnerabilities.

• Initial response: within 72 hours.
• Triage status update: within 7 days.
• Remediation timeline depends on severity and complexity.

We follow coordinated disclosure and publish details after remediation is available.