Security fixes are provided on the main branch.

Please do not open public issues for security vulnerabilities.

Instead:

1. Open a private security advisory in GitHub (Security tab).
2. Include clear reproduction steps and impact.
3. If possible, include a suggested fix.

We aim to acknowledge reports within 72 hours and provide regular updates until resolution.