Security: servusdei2018/undo

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.1.0

Reporting a Vulnerability

Thank you for helping us keep our project secure. If you believe you have found a security vulnerability in our project, please report it responsibly. Vulnerabilities may be privately disclosed via GitHub's Security Advisories section. We will review all reports promptly.

What to Include

Please include the following details in your report:

  • A clear description of the vulnerability.
  • Steps to reproduce (if applicable).
  • Any relevant logs or outputs.
  • Details of the potential impact (e.g., remote code execution, privilege escalation).
  • Any potential workarounds (if you have discovered one).

What to Expect

  • Acknowledgment: We will acknowledge receipt of your report within 48 hours.
  • Investigation and Review: We will thoroughly investigate the vulnerability, which may take several days to a few weeks depending on the complexity of the issue.
  • Updates: We will provide you with regular updates on the status of the vulnerability, and you will be informed as soon as a fix is available.
  • Public Disclosure: Once a patch or mitigation has been made available, we will publish a detailed advisory in our GitHub repository under the Security Advisory section. Public disclosure of the vulnerability will follow after a reasonable period to ensure that users have had time to upgrade or apply mitigations.

If the Vulnerability is Accepted

We will aim to release a fix or mitigation in the next patch release. If applicable, we will thank you publicly in our release notes and the security advisory.

If the Vulnerability is Declined

If we determine the reported issue is not a security vulnerability, we will let you know and provide a brief explanation of our findings. If you disagree with the decision, we encourage further discussion to clarify the issue.

There aren’t any published security advisories