If you discover a security issue, please do not disclose it publicly in a GitHub issue before maintainers have had a chance to assess it.
Until a dedicated private disclosure channel is published, report security concerns by opening a minimal issue requesting a private contact path and avoid posting exploit details, secrets, or reproduction steps in public.
Security reports are especially relevant for:
- SQL execution safety
- parameter binding behavior
- transaction handling
- driver integration boundaries
- documentation that could encourage unsafe usage patterns
The project is still in an early phase, so response times may vary. Valid reports will be triaged and addressed according to severity and current maintenance capacity.