Do not open a public issue for security vulnerabilities.
Use GitHub's private vulnerability reporting to report security issues. We will respond within 48 hours.
Include:
- Description of the vulnerability
- Steps to reproduce
- Impact assessment
- Suggested fix (if any)
| Version | Supported |
|---|---|
| Latest | Yes |
| Previous major | Security fixes only |
We follow coordinated disclosure. Once a fix is released, we will publish a security advisory with full details and credit the reporter (unless they prefer anonymity).