Do not open a public GitHub issue for security vulnerabilities.
Report privately via GitHub Security Advisories.
Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
You will receive a response within 7 days. If the report is accepted, a fix will be released as soon as possible and you will be credited in the release notes.