If you believe you have found a security vulnerability, please do not open a public Issue. Instead, contact us privately at [email protected] with details and reproduction steps. We will acknowledge receipt within 5 business days.

Scope: this policy applies to the code in this repository only.