Only the latest release of this project receives security updates.

Do not open a public GitHub issue for security vulnerabilities.

Report vulnerabilities privately by emailing [email protected] with:

• A description of the vulnerability and its potential impact
• Steps to reproduce or proof-of-concept code
• Any suggested mitigations (optional)

You can expect an acknowledgement within 48 hours and a status update within 7 days. We will coordinate a fix and disclosure timeline with you before going public.

This policy covers the source code in this repository. Vulnerabilities in third-party dependencies should be reported upstream to the respective maintainers.