PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY, SEE BELOW.
If you discover a security vulnerability, please report it privately using one of the following channels:
-
GitHub Private Vulnerability Reporting (preferred) — go to the repository's Security tab and click "Report a vulnerability". This creates a private advisory visible only to maintainers and provides a structured workflow for triage, fix coordination, and CVE assignment.
-
Email — send the details to Nuno Maduro at enunomaduro@gmail.com.
All security vulnerabilities will be promptly addressed.