If you find a security issue, please open a GitHub issue and add the security label.

To help us triage quickly, include:

• a short summary of the issue
• affected area or file, if known
• steps to reproduce or validate the problem
• possible impact
• any suggested fix or mitigation

If you are unsure whether something is a security issue, report it anyway. A clear, minimal reproduction is more useful than a long report.