Security fixes are prioritized for the latest code on the default branch.
Please do not open public issues for security vulnerabilities.
Use GitHub's private vulnerability reporting flow when available:
- Open the repository on GitHub.
- Go to the Security tab.
- Select Report a vulnerability.
If private reporting is unavailable, contact maintainers privately through repository contact channels.
- A clear description of the issue and impact.
- Reproduction steps or a proof of concept.
- Affected files, package names, and versions/commit hashes.
- Any suggested mitigations.
Maintainers will acknowledge reports as soon as possible and provide updates as triage progresses.