Security fixes are applied to the latest mainline version of this project.

Please do not open public issues for security vulnerabilities.

Use one of the following private channels:

• GitHub Security Advisories (preferred)
• Direct maintainer contact

When reporting, include:

• A clear description of the vulnerability
• Steps to reproduce
• Affected version(s)
• Potential impact
• Suggested remediation, if available

• Initial acknowledgment target: within 3 business days
• Triage and impact assessment: as soon as possible
• Fix timeline: depends on severity and complexity

We will coordinate disclosure with reporters and credit responsible disclosure when appropriate.