This project follows a rolling support policy. Security fixes are applied only to the latest code.

Please do not open public GitHub issues for security reports.

Use GitHub's private vulnerability reporting feature:

• Go to the repository Security tab
• Click Report a vulnerability

If private reporting is unavailable, contact the maintainers directly.

Please include:

• A clear description of the issue
• Steps to reproduce
• Impact assessment
• Affected version/commit
• Proof of concept (if available)

• Acknowledgement: within 72 hours
• Initial triage: within 7 days
• Status updates: at least once per week until resolution

If accepted, we will prepare a fix and coordinate disclosure. If declined, we will provide a brief explanation.