This project is under active development. Security fixes are applied to the current main branch.
Please do not open public GitHub issues for suspected vulnerabilities.
Report vulnerabilities privately by emailing:

Include as much detail as possible:
- Affected component or path
- Reproduction steps or proof of concept
- Impact assessment
- Suggested mitigation (if known)

- Initial acknowledgement target: within 5 business days.
- We will validate the report, assess impact, and coordinate a fix.
- If confirmed, we will ship a patch and disclose details responsibly.

- Give maintainers reasonable time to investigate and patch.
- Avoid public disclosure before a fix is available.