If you discover a security vulnerability in this project, please report it privately so it can be addressed before public disclosure.
Do not open a public GitHub issue for security-related concerns.
Instead, please use one of the following channels:
- Open a private vulnerability report via GitHub: Security → Report a vulnerability on this repository.
- Or contact the maintainer directly through the email listed on their GitHub profile.
Please include:
- A description of the vulnerability and its potential impact.
- Steps to reproduce, or a proof-of-concept.
- Any suggested mitigation or fix, if known.
You can expect an initial response within 72 hours. We aim to provide a remediation plan or a fix within 30 days for confirmed issues, depending on severity and complexity.
Only the latest commit on the default branch receives security updates unless otherwise noted.
We follow coordinated disclosure. Once a fix is available, we will publish release notes describing the issue and credit the reporter (with their consent).