For sensitive vulnerabilities, please use private reporting first:
- GitHub Security Advisories (preferred): open a private report via the repository Security tab.
For non-sensitive security hardening suggestions, you can still use GitHub Issues.
When possible, include:
- affected version/commit
- reproduction steps
- impact assessment
- suggested mitigation (optional)
We will triage reports as soon as possible and track fixes in follow-up issues/PRs.