We patch security issues against the latest minor release on main.

Please email manav@manavaryasingh.com with a clear description and a minimal reproducer. Do not open a public issue. We aim to respond within 5 business days and ship a fix or mitigation within 30 days for confirmed vulnerabilities.

We will credit reporters in the changelog unless asked otherwise.