Security fixes are applied to the latest version on the default branch.

Please do not open public issues for security-sensitive reports.

1. Open a GitHub security advisory/private vulnerability report.
2. Include reproduction steps, impacted pages, and screenshots if relevant.
3. Include browser version and extension/userscript version.

We will acknowledge reports as quickly as possible and coordinate remediation and disclosure timing with you.