Do not post vulnerability details in public issues, pull requests, or discussions.

For a suspected vulnerability in Scrypath:

1. Use GitHub's private vulnerability reporting or security advisory flow for this repository when available.
2. If a private GitHub flow is unavailable, open a public issue that only asks for private security coordination and does not include exploit details.
3. Include the affected Scrypath version or git commit, Elixir and OTP versions, backend configuration, and the smallest reproduction you can share privately.

Security fixes target the latest published Hex release and the current main branch unless the maintainer explicitly documents a broader backport.