Please report suspected security vulnerabilities privately and do not open public issues containing exploit details.
Use the maintainers channel for this repository and include:
- affected repository and commit/tag
- impact summary
- reproduction details
- proposed mitigation (if available)
- We will acknowledge receipt as quickly as possible.
- We will triage, validate, and prioritize remediation based on impact.
- Coordinated disclosure is expected; avoid public disclosure until a fix or mitigation is available.
This policy applies to source code, workflows, and release artifacts maintained in this repository.