Do not open a public GitHub issue for security vulnerabilities.
Please report security issues privately via GitHub's private vulnerability reporting.
Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
I'll acknowledge within 48 hours and aim to ship a fix within 7 days for confirmed issues.