If you discover a security vulnerability, do not open a public issue.

Please report it via one of the following:

• Email: Mail
• GitHub Private Advisory: Report here

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fix (optional)

• Acknowledgement: Within 48 hours
• Status update: Within 7 days
• Resolution target: Within 90 days (depending on severity)

We appreciate responsible disclosure and will credit you in the fix (if you wish).