Security fixes are applied to the latest release line.
Please do not open public issues for suspected vulnerabilities.
Use GitHub's private vulnerability reporting for this repository.
Include:
- Affected version/commit
- Reproduction steps
- Impact assessment
- Any proof-of-concept details
You should receive an acknowledgement within 72 hours.