Please do not report security vulnerabilities in public issues.

Use GitHub private vulnerability reporting for this repository:

1. Open the repository Security tab.
2. Click Report a vulnerability.
3. Include affected files, reproduction steps, and potential impact.

1. Initial acknowledgement target: within 3 business days.
2. Triage outcome target: within 7 business days.
3. Status updates: at least once per week until resolution.

1. A fix is prepared and validated.
2. A release with the fix is published.
3. Public disclosure notes are shared after users can update.