Please email tomblanchard3@outlook.com with details. Do not open a public issue for security reports.

Include (when possible):

• Affected commit / version and repro steps
• Impact summary and any relevant logs or PoC scripts

• We acknowledge within 72 hours.
• We aim to provide a fix or mitigation within 14 days for critical/high issues, best-effort for others.
• Please withhold public disclosure until a fix is released.

• Main branch and published releases.
• Vulnerabilities in third-party dependencies should be reported upstream as well if clearly isolated.

• main (active development)
• Latest published release (if tagged)

Responsible disclosure helps keep the community safe. We appreciate your reports and collaboration.