Please do not open a public issue for security problems.

Report vulnerabilities privately using GitHub's built-in private reporting: open the affected repository's Security tab and choose "Report a vulnerability". This routes confidentially to the maintainers.

Please include:

• the affected project and version,
• a description of the vulnerability and its impact,
• steps to reproduce or a proof of concept, if available.

We aim to acknowledge reports within a few days and will keep you informed as we investigate and prepare a fix. Once a fix is released, we're happy to credit you in the release notes unless you prefer to remain anonymous.

Unless a repository states otherwise, security fixes target the latest released version on PyPI. Upgrading to the latest release is the recommended way to receive fixes.