Security Policy Report vulnerabilities via email: [email protected] Include steps to reproduce and affected versions. Do not open public issues for undisclosed vulnerabilities.