Security fixes are applied to the latest release on PyPI and the main branch.
Please do not open a public GitHub issue for security vulnerabilities.
Instead:
- Open a private report via GitHub Security Advisories if you have access, or
- Contact maintainers through a private channel listed on bnnr.dev.
Include:
- Description of the issue and impact
- Steps to reproduce
- Affected versions
- Suggested fix (if any)
We aim to acknowledge reports within 7 days.