Only the latest tagged release receives security fixes.

Do not open a public issue for security vulnerabilities.

Please report vulnerabilities privately using one of the following:

1. GitHub Security Advisories (preferred): Report a vulnerability
2. Email: contact the repository maintainer directly.

• Description of the vulnerability and its impact.
• Steps to reproduce or a proof of concept.
• Affected version(s).

• Acknowledgment within 48 hours.
• Assessment and triage within 7 days.
• A fix or mitigation will be developed privately and released as a patch version.
• You will be credited in the release notes unless you prefer otherwise.

We consider security research conducted in good faith to be authorized. We will not pursue legal action against researchers who:

• Report vulnerabilities responsibly through the channels above.
• Avoid accessing or modifying other users' data.
• Do not disclose the vulnerability publicly before a fix is available.