Security: cloudfoundry-community/shout

Security Policy

Supported Versions

Version     Supported
Latest      Yes
< Latest    No

Only the most recent release receives security updates.

Reporting a Vulnerability

Do not open a public GitHub issue for security vulnerabilities.

Preferred: GitHub Private Vulnerability Reporting

  1. Go to the Security tab of this repository
  2. Click "Report a vulnerability"
  3. Fill in the details and submit

Alternative: Email

If private vulnerability reporting is not available, email the maintainers directly. Contact information can be found in the repository's commit history.

What to Include

  • Description of the vulnerability
  • Steps to reproduce
  • Affected versions
  • Potential impact

Response Timeline

  • Acknowledgment: within 14 days of report
  • Assessment: severity evaluation and fix timeline provided after acknowledgment
  • Fix target: within 90 days for most vulnerabilities

Disclosure Policy

We follow coordinated disclosure:

  1. Reporter submits vulnerability privately
  2. We acknowledge and assess the report
  3. We develop and test a fix
  4. Fix is released with a security advisory
  5. Reporter is credited (unless they prefer anonymity)

Please allow us reasonable time to address the issue before any public disclosure.

There aren’t any published security advisories