We primarily maintain the latest released version. Security reports for older versions are still welcome, and we will assess impact and provide guidance when possible.

Please do not disclose vulnerability details in a public issue.

Contact the maintainer privately through one of the following channels:

• GitHub Security Advisory (recommended)
• Email: heminwmh@gmail.com

A useful report should include:

• Affected version(s)
• Reproduction steps
• Impact assessment
• Suggested fix (optional)

We will respond as soon as possible after confirmation and provide public credit after a fix is released (if you agree).