We maintain security fixes for the latest code on the repository default branch. Older snapshots are accepted on a best-effort basis.
If you discover a potential security issue:
- Open a private security advisory at: GitHub security advisories.
- Do not create a public issue before we review and coordinate.
Include: affected version/commit, impact details, reproduction steps, and any proof-of-concept details.
This repository uses automated dependency and static-analysis checks in GitHub Actions to help prevent insecure changes from being merged.
We will investigate reports and coordinate with the reporter to confirm severity and impact, and publish an updated version as needed.