Security fixes are provided for the latest released version.

Do not open a public issue for a vulnerability.

Report privately through GitHub security advisories when available, or contact the maintainer directly.

Include:

• affected version or commit
• reproduction steps
• expected and actual behavior
• impact assessment
• any relevant logs with sensitive values redacted

Permission audit logs can contain command patterns, local paths, and tool metadata. Redact those values unless they are required to explain the issue.