If you discover a security vulnerability, please report it by emailing the maintainers. Do not disclose the issue publicly until it has been addressed.

Include a description, steps to reproduce, and potential impact.

We aim to acknowledge receipt within 48 hours and provide an initial assessment within 7 days.