We currently provide security updates for the latest 0.x release line. If you are using an older version, please upgrade to the most recent release before reporting issues.

Please report security vulnerabilities privately to help protect users. Use one of the following options:

• Open a private security advisory in GitHub (preferred).
• If you cannot access GitHub Security Advisories, open a new issue and ask the maintainers to convert it to a private report.

When reporting, include as much detail as possible:

• A description of the vulnerability and potential impact
• Steps to reproduce or proof-of-concept code
• Affected versions and environments
• Any suggested fixes or mitigations

We will acknowledge receipt within 5 business days and aim to provide a status update within 10 business days.