Security: Jan-IngenHousz-Institute/open-jii

SECURITY.md

Security Policy

Reporting Security Issues

We take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions.

Reporting a Vulnerability

To report a security issue, please follow these steps:

  1. Use GitHub's Security Advisory: Go to our repository's "Security" tab and click on "Report a vulnerability"
  2. Do not create a public GitHub issue for security vulnerabilities
  3. Provide Details: Include as much information as possible about the vulnerability

What to Expect

After submitting your report:

  • You'll receive an acknowledgment within 48 hours
  • We'll investigate the issue and keep you informed of our progress
  • We'll work with you to understand and validate the issue
  • We'll maintain communication throughout the process

Security Update Process

  1. The security issue will be investigated and fixed in a private repository
  2. A security advisory will be prepared
  3. Once the fix is ready, we will:
    • Release a patch
    • Publish the security advisory
    • Credit the reporter (unless anonymity is requested)

Security Best Practices

For developers using our project:

  • Keep all dependencies up to date
  • Review our security documentation regularly
  • Enable security features and follow security best practices
  • Monitor our security advisories

Attribution

We are committed to giving credit to security researchers who:

  • Follow responsible disclosure practices
  • Give us reasonable time to respond
  • Do not publish or share the details before a fix is released

Contact

For sensitive communications, please use the GitHub Security Advisory feature as described above.

There aren’t any published security advisories