The project currently provides security updates for the following version line:

Please report vulnerabilities privately.

Preferred channel:

1. Use GitHub Security Advisories (Repository -> Security -> Report a vulnerability).

Fallback if Security Advisories are unavailable:

1. Open a GitHub issue with title prefix [SECURITY] and include minimal details.
2. A maintainer will move discussion to a private channel.

• Affected version and environment
• Reproduction steps
• Security impact
• Suggested fix or mitigation (optional)

• Initial acknowledgement: within 72 hours
• Follow-up updates: at least once every 7 days until resolution

• Do not publish exploit details before a patch or mitigation is available.
• Coordinated disclosure is preferred.