If you discover a security vulnerability, please open a private security advisory on GitHub before public disclosure.

Please include:

• Description of the issue
• Steps to reproduce
• Potential impact
• Suggested fix, if known

We aim to acknowledge security reports within 48 hours and provide updates on progress regularly.