Please do not report security vulnerabilities through public GitHub issues.

Instead, use GitHub’s private vulnerability reporting for this repository:

• Go to the repository’s Security tab → Advisories → Report a vulnerability

Include as much detail as possible:

• A description of the issue and potential impact
• Steps to reproduce
• Proof-of-concept (if available)
• Affected endpoints/components
• Suggested remediation (optional)

Security fixes are applied to the default branch (main).

We aim to:

• Confirm receipt within a reasonable time
• Investigate and provide a timeline when possible
• Coordinate a fix and release before public disclosure