We actively support security fixes for the main branch. Older tags may not receive patches.

If you discover a vulnerability, please email [email protected] with the following:

• Detailed description of the issue and potential impact
• Steps to reproduce or proof-of-concept
• Any suggested mitigations

We aim to acknowledge new reports within 2 business days and provide a status update within 5 business days. Please do not disclose the issue publicly until we confirm a fix or mutually agree on a disclosure timeline.

English is preferred for security communications.