Please report vulnerabilities privately. Preferred channel: open a GitHub Security Advisory for this repository. If that is not possible, contact the maintainers via the private channel listed in the repository profile.

• Do not create public issues for security findings.
• Provide reproduction steps, impact, and any suggested mitigations when possible.
• You will receive an initial response within 5 business days.