Report vulnerabilities via this repo's GitHub Security Advisories (Security tab → Report a vulnerability).
We will acknowledge receipt within 5 business days and aim to provide a remediation timeline within 14 days of triage. We will keep reporters informed of progress and credit them in the release notes unless anonymity is requested.
Please do not open a public issue for security vulnerabilities.
This project is pre-1.0. Only the main branch (HEAD) receives security fixes. Older commits and non-main branches are not supported.