Report security vulnerabilities through GitHub's [private vulnerability
reporting](https://github.com/ss0923/limb/security/advisories/new). Do not
open a public issue.
A maintainer will acknowledge receipt within seven days and provide an
initial assessment within fourteen days.
Security fixes are applied to the latest published minor version. Older
versions receive security backports on a case-by-case basis.