If you discover a security vulnerability, please open an issue with the "security" label or contact the repository owner directly. Do not disclose the vulnerability publicly until it has been addressed.

We aim to acknowledge reports within 48 hours and provide a timeline for resolution.