Please do not open a public GitHub issue for security vulnerabilities.

Report security issues privately via GitHub's security advisory feature.

Include:

• A description of the vulnerability and its potential impact.
• Steps to reproduce or a proof-of-concept.
• Any suggested fix, if you have one.

You will receive a response within 72 hours. We aim to release a fix within 14 days of a confirmed report and will credit reporters in the release notes unless anonymity is requested.