Security fixes are prioritized for the latest state of the default branch.

Please do not open public issues for security vulnerabilities.

Use one of these channels:

1. GitHub private vulnerability reporting (preferred).
2. If private reporting is unavailable, contact the repository maintainer directly through GitHub profile contact options.

Please include:

• A clear description of the issue and impact
• Reproduction steps or proof of concept
• Affected files and versions
• Suggested mitigation (if available)

• Initial acknowledgement: within 72 hours
• Triage decision: within 7 days
• Remediation timeline: based on severity and complexity

After a fix is released, maintainers may publish a security advisory with recommended upgrade actions.