We maintain the main branch and the latest tagged release. If a critical issue affects a tagged release, we may patch the latest tag.

Please do not open public issues for security reports.

• Preferred: open a private GitHub Security Advisory (Security tab → Report a vulnerability)
• Or email: [email protected]

We will acknowledge reports within 72 hours and keep you informed of the fix progress.

Once a fix is available, we will publish a brief advisory and credit reporters who wish to be acknowledged.