Please report security vulnerabilities privately:

• GitHub: Use the repository's Security tab → Advisories → New draft
• GitLab: Create a confidential issue or use your instance's security contact

Do not open public issues for security vulnerabilities.

We aim to acknowledge reports within 48 hours and provide an initial assessment within 7 days.