Security fixes (if any) are applied on a best-effort basis to the latest code on the default branch.

Please do not open a public GitHub issue for security vulnerabilities.

This project does not currently publish a dedicated security contact (email) or guaranteed private reporting channel.

Instead, use one of the following:

• Open a GitHub issue that does not include sensitive details and ask maintainers to provide a private channel for follow-up.

• A clear description of the issue and impact
• Steps to reproduce (proof-of-concept if available)
• Affected versions/commit SHA (if known)
• Any relevant logs or screenshots (redact secrets)