Security fixes target the latest main branch.
Please do not open a public issue for suspected vulnerabilities.
Report security concerns privately to the repository owner through GitHub, or email the maintainer listed on the public GitHub profile. Include reproduction steps, affected versions or commits, impact, and any suggested mitigation.
We aim to acknowledge valid reports within 7 days.