Security fixes are applied to the latest released version and the current
master branch.
Please do not open a public GitHub issue for potential vulnerabilities.
Instead, report them privately through GitHub Security Advisories:
If GitHub private reporting is unavailable, contact the maintainer directly and include:
- a clear description of the issue
- affected versions or commit range
- reproduction steps or a proof of concept
- impact assessment if known
I will acknowledge receipt as soon as practical, validate the report, and work toward a fix and coordinated disclosure.