Only the latest main and latest tagged release are supported for security fixes.

Please do not open a public issue for unpatched vulnerabilities.

Instead:

• Use GitHub private vulnerability reporting (if enabled), or
• Contact maintainers privately with:
  • Impact summary
  • Reproduction details
  • Suggested mitigation (if any)

We aim to acknowledge reports within 72 hours.