If you discover a security issue, please report it privately to the maintainer before opening a public issue.

When reporting:

• describe the affected version or commit
• explain the impact
• include reproduction steps if possible

Do not publish exploit details until a fix is available.