We take security seriously and ask that any vulnerabilities be reported privately.

• Please use GitHub’s private vulnerability reporting feature on this repository.
• Do not open a public issue or pull request for security-related matters.

• We aim to acknowledge valid reports within 48 hours.
• Once confirmed, we will work on a fix and notify you when it’s resolved.
• Please allow us time to address the issue before any public disclosure.

• Public issues or PRs disclosing vulnerabilities may be closed for security reasons.
• Always keep your installation up to date with the latest release.