This project is source-only and does not publish versioned releases. The only supported version is the current HEAD of the main branch. Security fixes will not be backported to older commits.

Please use GitHub's private security reporting to report vulnerabilities. This sends the report directly to the maintainers without public disclosure.

Do not open a public issue for security vulnerabilities.

You should expect an initial response within a few days. If the report is accepted, a fix will be developed privately and pushed to main.