Security fixes are applied to the latest release on the main branch.

Please do not open public GitHub issues for security vulnerabilities.

• Preferred: use GitHub Security Advisories for this repository.
• Alternative: email security@evalforge.dev with reproduction steps and impact.

We will acknowledge reports within 72 hours and provide status updates as we triage, mitigate, and release a fix.