Please report security vulnerabilities privately via GitHub's
[security advisory interface](https://github.com/merlinz01/InstallRS/security/advisories/new).
Do **not** open a public issue or pull request for security reports.
You can expect an initial response within a few days. Once the issue is
confirmed and a fix is ready, a coordinated disclosure and release will
follow.