Security fixes are applied to the current main branch.
Do not open a public GitHub issue for a suspected security problem.
Send a private report to vemund@live.com with:
- a short description of the issue
- impact
- reproduction steps or proof of concept
- any affected versions or commits
I will acknowledge receipt as soon as practical and work with you on validation and disclosure timing.