Security fixes are currently only guaranteed on the latest state of the main branch.

Please do not open a public GitHub issue for suspected security vulnerabilities.

Instead:

1. Use GitHub private vulnerability reporting if it is enabled for the repository.
2. If private reporting is not available, contact the maintainer privately through GitHub at @nikkogibler and include:
   • A short description of the issue
   • Steps to reproduce
   • Affected files, routes, or components
   • Impact assessment if known
   • Any suggested fix or mitigation if you have one

• Initial triage target: within 3 business days
• Status updates: at least weekly for confirmed issues until resolution or mitigation

Thanks for reporting issues responsibly.