Security fixes are applied to the latest release line.

Please do not open a public issue for security reports.

Instead, use GitHub Security Advisories for private reporting:

• Go to the repository’s Security tab
• Choose Report a vulnerability

Include:

• A clear description of the issue
• Steps to reproduce (or a proof-of-concept, if safe)
• Expected vs actual behaviour
• Any relevant logs or workflow snippets (remove secrets)

We will acknowledge reports as quickly as possible and work on a fix based on severity.

Thank you for helping keep this action safe.