If you discover a security vulnerability, please report it privately via GitHub's security advisory feature.

Do not open a public issue.

You should receive a response within 48 hours. We'll work with you to understand the issue and coordinate a fix before any public disclosure.