The project is maintained on the main branch. Fixes for security issues are released as patch updates on that branch. Older ZIP snapshots or forks are not covered by this policy.

If you discover a security vulnerability, please report it privately so we have time to evaluate and release a fix.

• Use GitHub's “Report a vulnerability” workflow by visiting the Security → Advisories tab and starting a draft advisory. This shares the details directly with @dzigor92.
• If the advisory form is unavailable, use the email address listed on the maintainer's GitHub profile to reach out directly.

We will acknowledge receipt within 3 business days and aim to provide an update on remediation progress within 10 business days. Once a fix is available and users have had a reasonable upgrade window, we will publish the advisory with credit for the reporter (unless you prefer to remain anonymous).