Security fixes are applied to the latest commit on main.
Do not open public GitHub issues for suspected vulnerabilities.
Report them privately to Mayflower through the repository security advisory flow or the maintainers' private contact channel.
When reporting, include:
- affected version or commit
- reproduction steps
- impact assessment
- any proposed fix or mitigation
We will acknowledge receipt, assess severity, and coordinate disclosure after a fix is available.