If you discover a security vulnerability, please disclose it privately by opening an issue and marking it security, or contact the maintainers via a private channel. Avoid posting exploit details publicly until the issue is fixed.

We will respond and triage reported vulnerabilities promptly.