We take security seriously. If you believe you've found a vulnerability, please report it responsibly.
Do not report security vulnerabilities in public issues, discussions, or pull requests.
Report privately via GitHub Security Advisories.
Include as much of the following as you can:
- Type of issue (e.g. XSS, injection)
- Affected package and version
- Steps to reproduce
- Impact and possible exploit
We'll acknowledge your report and keep you updated on the fix.
We release security updates for the latest major version. Upgrade to receive patches.