Do not open a public GitHub issue for security-sensitive problems.

Instead:

1. Report via GitHub Security Advisories.
2. Include a clear reproduction or proof of concept.
3. Include impact, affected versions, and suggested mitigations if known.

We will respond within 7 days of your report.

Security fixes are expected for the latest release line only until the project has multiple maintained versions.