Only the latest release receives security fixes.

Do not open a public issue for security vulnerabilities.

Report privately via GitHub Security Advisories.

Include:

• A description of the vulnerability
• Steps to reproduce
• Potential impact

You'll receive a response within 7 days. If confirmed, a fix will be released as soon as possible.