We take the security of this project seriously and appreciate responsible disclosures.
- Do not open public issues with vulnerability details.
- Use GitHub Security Advisories to privately report a vulnerability.
- Alternatively, open an issue titled "Security Disclosure" requesting a private channel.
Provide:
- Description of the vulnerability
- Steps to reproduce or proof-of-concept
- Affected versions/components
- Suggested remediation, if known
Security fixes are applied to the default branch. If release branches exist in the future, we will document supported versions here.
We may credit reporters in release notes if desired and safe to do so.