Please report security issues responsibly and in private.

• Do not open a public issue.
• Use GitHub’s Security Advisories feature:
  • Go to the repository
  • Click Security
  • Click Report a vulnerability

Include:

• A clear description of the issue
• Steps to reproduce
• Potential impact
• Any suggested fixes (if available)

You can expect an initial response within a reasonable timeframe.

Please allow reasonable time for the issue to be investigated and resolved before any public disclosure. Responsible disclosure is appreciated.