Security

SECURITY.md

Security Policy

Reporting a Vulnerability

Please do not open public issues for sensitive vulnerabilities.

Send a private report with:

steps to reproduce
affected version/commit
impact assessment
suggested fix (if any)

Maintainers will acknowledge within 72 hours.

There aren’t any published security advisories