Security fixes are applied to the main branch and included in the next release.
Older releases may not receive backported fixes.
Do not open public GitHub issues for suspected vulnerabilities.
Report security issues privately to the maintainers with:
- affected component(s)
- impact summary
- minimal reproduction or proof-of-concept
- suggested mitigation (if known)
Maintainers will acknowledge receipt, assess severity, and coordinate remediation and disclosure.
- Please allow maintainers reasonable time to investigate and fix before public disclosure.
- Coordinated disclosure is preferred to protect users.