Security fixes are provided for the latest released version.
Do not open a public issue for a vulnerability.
Report privately through GitHub security advisories when available, or contact the maintainer directly.
Include:
- affected version or commit
- reproduction steps
- expected and actual behavior
- impact assessment
- any relevant logs with sensitive values redacted
Current-session state can contain local paths and session titles. Redact those values unless they are required to explain the issue.