Please do not report security vulnerabilities through public GitHub issues.

Instead, use GitHub's private vulnerability reporting to submit a report. You can expect a response within 7 days.

Please include as much of the following as possible:

• Type of issue (e.g. path traversal, arbitrary code execution)
• Location of the affected source code (file, branch, commit)
• Steps to reproduce
• Proof-of-concept or exploit code (if possible)
• Impact of the issue