Until tagged releases exist, security fixes land on the default branch only.

Preferred path:

• use GitHub private vulnerability reporting for this repository if it is enabled

If private reporting is not available:

• do not open a public issue with exploit details
• open a minimal issue requesting a secure reporting path, or contact the repository owners through the hosting profile without disclosing the exploit publicly

Please include:

• affected version or commit
• impact summary
• reproduction steps
• any proof-of-concept details needed to validate the issue

Best-effort triage applies until a dedicated support/security process is published.