Only the latest release of each project receives security updates. Please upgrade to the latest version before reporting an issue to confirm it still applies.

Please do not open a public issue for security vulnerabilities.

Instead, use the Report a vulnerability button on the Security tab of the affected repository. This opens a private advisory visible only to you and the maintainers. If you'd prefer not to use GitHub, email andrewnez@gmail.com.

When reporting, please include:

• A description of the vulnerability and its impact
• Steps to reproduce or a proof of concept
• Affected versions if known

You should receive an acknowledgement within 48 hours. We'll keep you updated as we investigate and work on a fix, and credit you in the advisory unless you'd rather stay anonymous.