To report a suspected security issue, do not open a public GitHub issue.

• Email the maintainers through the private security contact listed in repository support channels.
• Include reproduction details, impact, affected versions, and any temporary mitigations.

• Initial triage target: 3 business days
• Status update target: 7 business days
• Coordinated disclosure preferred after a fix or mitigation is ready