If you believe you have found a security vulnerability in this project, please do not open a public issue.
Preferred: report privately via GitHub Security Advisories:
Include, when possible:
- A clear description of the issue and potential impact
- Steps to reproduce (PoC), affected versions/commits, and environment details
- Any suggested fix or mitigation
We aim to:
- Acknowledge receipt within 3 business days
- Provide a remediation plan or status update within 14 days
- Fix the issue and coordinate disclosure within 90 days, when feasible
Timelines may vary depending on severity, complexity, and downstream impact.