If you discover a security issue, please report it by contacting the maintainers or by opening a private GitHub Security Advisory. When reporting, please include:
- A description of the vulnerability
- Steps to reproduce (if possible)
- Impact and potential risk
We aim to respond within 5 business days and will work with you to investigate, address, and disclose the issue responsibly.
Please do not file security issues publicly (as GitHub Issues or Discussions) to prevent unnecessary risk to users.
Your report will be kept confidential until a patch is released.
After a fix is implemented, we will announce the resolution in the release notes.
Thank you for contributing to a safer open source ecosystem!