Please do not file public GitHub issues for security vulnerabilities.
Instead, use GitHub’s private vulnerability reporting for this repository (Security tab → “Report a vulnerability”), if available. If private reporting is not enabled, contact the project maintainers directly with a minimal reproduction, impact assessment, and suggested fix.
Security fixes are applied to the latest main branch.