Security fixes are prioritized for the latest main branch and the latest tagged release.
Please do not open public issues for security vulnerabilities.
Report privately through GitHub Security Advisories:
If needed, contact maintainers listed in MAINTAINERS.md and include:
- Description of the issue
- Reproduction steps or proof of concept
- Potential impact
- Suggested remediation (if known)
We will acknowledge reports as quickly as possible and coordinate a fix and disclosure timeline.
- Initial acknowledgement: within 5 business days
- Triage status update: within 10 business days