Please do not disclose security issues publicly.

To report a vulnerability, open a private security report in your hosting platform or contact the maintainers directly with details and reproduction steps.

We aim to acknowledge reports within 72 hours.