This project is actively maintained on the main branch.
Please do not report security vulnerabilities in public GitHub issues.
To report a vulnerability, contact the maintainer directly and include:
- a clear description of the issue
- affected files and components
- steps to reproduce
- potential impact
- suggested mitigation (if available)
You can also use GitHub's private vulnerability reporting feature:
- Repository -> Security -> Report a vulnerability
- Initial acknowledgment target: within 72 hours
- Follow-up with triage and next steps after validation
After a fix is prepared and released, disclosure details may be published in:
- GitHub Security Advisories
- repository changelog or release notes