We release patches for security vulnerabilities under new minor or patch versions. Always use the latest release.
If you discover a vulnerability, please email [email protected] with:
- Description of the issue
- Steps to reproduce
- Potential impact
- Suggested remediation (if known)
We aim to acknowledge reports within 72 hours and will keep you informed as we work on a fix. Please do not disclose the vulnerability publicly until we have released an update.
Once a fix is available, we will publish a security advisory in the repository releases and notify contributors via the README.