If you discover a security vulnerability, please report it privately using GitHub's private vulnerability reporting.

Do NOT open a public issue.

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Any suggested fixes (optional)

• Acknowledgment: Within 1 week
• Initial assessment: Within 2 weeks
• Fix timeline: Depends on severity
  • Critical: 1 month
  • High: 2 months
  • Medium/Low: 3 months

Security patches are released after verification. Enable GitHub Dependabot alerts to receive notifications about vulnerable dependencies.