If you discover a security vulnerability in this project, please do not open a public issue. Instead, report it privately so we can address it responsibly.

Please send to: security account

Include the following information:

• A clear description of the vulnerability
• Steps to reproduce the issue
• Impact or potential consequences
• Any suggested mitigations (optional)

We will respond within 48 hours.

Security updates are released as part of the regular version releases. When a fix is released, we will update the release notes and tag it accordingly.

We follow a responsible disclosure policy:

1. Give maintainers a reasonable time to respond and fix the issue (typically 90 days).
2. Do not publicly disclose details until a fix is available.
3. Credit will be given if desired.