Security fixes are applied to the current main line and any tagged release
line that is still under active maintenance.
Please do not open a public issue for a security vulnerability.
Use GitHub's private security advisory flow for the repository or contact the maintainers through the repository security channel if the advisory flow is not available to you.
When reporting, include:
- a short description of the issue
- the affected version(s)
- the input or command that triggers the problem
- any proof-of-concept details needed to reproduce the behavior
We will acknowledge receipt, triage the report privately, and coordinate a fix or mitigation before any public disclosure.