Please do not open public GitHub issues for suspected security vulnerabilities in reachable.

Instead, send a private report with:

• a description of the issue
• the affected version or commit
• reproduction steps or a proof of concept
• any suggested mitigation if you have one

Until a dedicated security mailbox is configured, maintainers should be contacted through a private GitHub security advisory or direct maintainer contact.

• We will acknowledge reports as soon as practical.
• We will validate the issue, assess impact, and decide on a fix plan.
• We will coordinate a patch release when the issue is confirmed.

Please avoid public disclosure until a fix or mitigation is available and maintainers have had a reasonable window to respond.