We use GitHub Security Advisories to manage vulnerability reports. If you find a security bug, please:

1. Go to the "Security" tab of this repository.
2. Click on "Advisories" and then "Report a vulnerability".
3. Provide details and steps to reproduce.

This keeps the report private while we work on a fix. Please do not open a public Issue for security flaws.