Security fixes target the default branch and the latest release. No separate release lines are maintained.
Report vulnerabilities privately through GitHub's private vulnerability reporting flow for this repository.
Do not use public GitHub issues, pull requests, discussions, chat channels, or other public forums for vulnerability reports.
When reporting a vulnerability, include as much of the following as possible:
- affected version, commit, or deployment identifier
- a description of the issue and the security impact
- steps to reproduce or a minimal proof of concept
- any relevant logs, screenshots, or traces
- any suggested mitigations or fixes, if available