Do not open a public GitHub issue for security vulnerabilities.

Please report security issues privately through the official GitHub Vulnerability Reporting:

• GitHub Private Reporting: Report a vulnerability here
• Alternatively, go to Settings → Security → Report a vulnerability in this repository.

Include in your report:

1. A description of the vulnerability
2. Steps to reproduce it
3. The potential impact
4. A suggested fix if you have one

• Acknowledgement: within 48 hours
• Assessment: within 7 days
• Fix or mitigation: within 30 days (depending on severity)

We will credit reporters in the release notes unless you prefer to remain anonymous.