We support the latest release and the main branch for security fixes.

Please email [email protected] with details. We aim to acknowledge within 72 hours.

If your report includes sensitive information, please indicate so, and we will coordinate a private fix and disclosure timeline.

• Avoid using insecure CRT variants on Windows; prefer safe wrappers or our shared helpers.
• Keep dependencies minimal and up to date.