Security fixes are applied to the latest release and the current main branch.
Do not open a public issue containing vulnerability details, credentials, private repository information, or a working exploit.
Use GitHub private vulnerability reporting when enabled for this repository. If it is unavailable, contact the repository owner through a private channel listed on the maintainer's GitHub profile.
Include:
- affected file and version,
- security impact,
- reproduction steps,
- proof of concept when safe,
- recommended mitigation if known,
- disclosure constraints.
Do not include live credentials. Revoke or rotate any credential used during testing.