If you discover a security vulnerability, please report it privately via GitHub Security Advisories rather than opening a public issue.

We will acknowledge receipt within 48 hours and aim to release a fix within 7 days for critical issues.