If you discover a security vulnerability, please:

1. DO NOT create a public Issue
2. Send a description to the repository owner's email
3. Include in your message:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggestions for fixing (if any)

• Acknowledgment of receipt: 48 hours
• Initial assessment: 7 days
• Critical vulnerability fix: 14 days

We thank everyone who responsibly reports vulnerabilities.