Security Policy¶
Reporting a vulnerability¶
Please report suspected vulnerabilities through GitHub private vulnerability reporting. This creates a private discussion with the maintainers and avoids exposing users before a fix is available.
Please include the affected version, reproduction steps, expected impact, and any suggested mitigation. Do not open a public issue for an undisclosed vulnerability.
The maintainers will acknowledge the report as soon as practical and will coordinate validation, remediation, and disclosure with the reporter.
Supported versions¶
Security fixes are applied to the latest released version. Users should upgrade to the most recent release before reporting a vulnerability that may already be fixed.