Security updates are provided for the latest major version. We encourage upgrading to the current release.

Do not open a public issue for security vulnerabilities.

Please report them privately:

• Email: Use the security contact for this repository (e.g. via GitHub's private vulnerability reporting).
• Include a description, steps to reproduce, and impact. The team will acknowledge within 24 hours and work with you on a fix and disclosure timeline.

• The team will assess and confirm the report.
• We will prepare a fix and a release (patch or minor, as appropriate).
• We will coordinate disclosure (e.g. release notes, CVE if applicable) and credit reporters when desired.

Thank you for helping keep this project and its users safe.