I take security bugs seriously and appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.

To report a security issue, please email security[at]tonyburns[dot]net with a description of the issue, the steps you took to create it, affected versions, and if known, mitigations for the issue. If possible, please encrypt your email using my GPG key, which is available at https://github.com/tbhb.gpg. I will make every effort to respond within 48 hours.

Please DO NOT open public GitHub issues, pull requests, or discussions for security vulnerabilities.

When I receive a security bug report, I will:

1. Confirm the problem and determine the affected versions.
2. Audit code to find any potential similar problems.
3. Prepare fixes for all releases still under maintenance.
4. Release new versions and notify users.

If you have suggestions on how this process could be improved, please submit a pull request or email me at the address above.