Security fixes are applied to the active main branch. Older commits and ad hoc forks are not supported release lines.

Do not open public issues for suspected vulnerabilities.

Use GitHub's private vulnerability reporting flow for this repository when available. If that path is unavailable, contact the maintainer at @staticpayload and include:

• the affected surface or endpoint family
• impact and attacker prerequisites
• reproduction steps or a minimal proof of concept
• any proposed mitigation or patch direction

Please allow time for confirmation and remediation before public disclosure.