Only the latest version receives security updates and patches. Keep your environment up to date.
Do not disclose vulnerabilities publicly. Report them through GitHub's private vulnerability reporting.
Include the following in your report:
- A detailed description of the vulnerability.
- Steps to reproduce the issue.
- Potential impact on users or the system.
This process is handled on a best-effort basis. Response speed may vary depending on severity and available resources.
Once a report is received and confirmed:
- A fix and release timeline will be prepared.
- The reporter will be notified when the fix is released.
- The reporter will be credited for the discovery (unless anonymity is requested).
Submit a pull request with suggestions for improving this process.