We take security seriously. If you believe you have found a vulnerability, do not open a public issue.

We generally support the main branch and the most recent tagged release.

Email: [INSERT SECURITY EMAIL]
PGP (optional): [INSERT PGP FINGERPRINT/LINK]

Please include:

• A description of the vulnerability and potential impact
• Steps to reproduce / proof of concept
• Affected commit/tag if known

We will:

1. Acknowledge receipt within 72 hours.
2. Investigate and determine impact.
3. Work on a fix and coordinate a release.
4. Credit you (optional) in release notes.

We prefer coordinated disclosure. Please allow us reasonable time to remediate before public disclosure.