Please do not open a public GitHub issue for security vulnerabilities.

To report a security issue, open a GitHub Security Advisory (preferred), or email the maintainers directly with a description of the issue and steps to reproduce.

We will acknowledge your report within 48 hours and aim to release a fix within 14 days for critical issues, depending on complexity.

Please include:

• A description of the vulnerability and its potential impact.
• Steps to reproduce or a proof-of-concept (if safe to share).
• Any suggested mitigations.

We ask that you keep the issue confidential until a fix has been released and announced.