Security fixes are applied to the latest master branch.
Please use GitHub private vulnerability reporting (Security Advisories).
Do not open public issues for security vulnerabilities.
Include:
- Affected component/file
- Steps to reproduce
- Impact assessment
- Suggested mitigation (if known)
We will acknowledge valid reports and coordinate disclosure after a fix is available.