Security fixes are applied to the latest minor release on the master branch.

Please report suspected vulnerabilities privately through GitHub's Private Vulnerability Reporting.

Do not open public issues or pull requests for security problems.

When reporting, include:

• A description of the issue and its impact.
• Steps to reproduce, or a proof of concept.
• Affected versions and platform details.
• Any suggested fix or mitigation.

You can expect an initial acknowledgement within 7 days. We will work with you on a fix and coordinate disclosure once a patched release is available. Credit will be given in the advisory unless you prefer to remain anonymous.