Please report security issues privately.

• Preferred: GitHub Security Advisories ("Report a vulnerability" on the repo)
• Alternative: open an issue only if the report does not contain sensitive details

We will acknowledge receipt within 5 business days and work with you on a fix and disclosure timeline.