Please report suspected vulnerabilities privately instead of opening a public issue. If this repository is hosted on GitHub, use GitHub's private vulnerability reporting feature when available.

Include:

• Affected component and version or commit.
• Reproduction steps or proof of concept.
• Expected impact and any known mitigations.

Security fixes are handled on the default branch unless release branches are created later.