PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY, SEE BELOW.

If you discover a security vulnerability, please report it privately using one of the following channels:

1. GitHub Private Vulnerability Reporting (preferred) — go to the repository's Security tab and click "Report a vulnerability". This creates a private advisory visible only to maintainers and provides a structured workflow for triage, fix coordination, and CVE assignment.

2. Email — send the details to Nuno Maduro at enunomaduro@gmail.com.

All security vulnerabilities will be promptly addressed.