Security fixes are applied to the latest release on main.
Please do not open a public GitHub issue for security reports.
Instead, email: security@montoya.io
Include:
- a description of the issue and potential impact
- steps to reproduce (PoC if possible)
- affected version(s) / commit SHA
- any suggested remediation
We’ll acknowledge receipt and work with you on a fix and coordinated disclosure.