If you discover a security vulnerability, please DO NOT open a public issue.

• Report privately via email: [email protected]
• Include steps to reproduce, impacted versions, environment, and logs if possible.
• You will receive an initial response within 72 hours.

We will assess the report, work on a fix, and coordinate disclosure.