Security fixes are expected to target the latest released version of stringr.

Please do not open a public GitHub issue for suspected security vulnerabilities.

Instead:

1. Use GitHub's private vulnerability reporting or security advisory flow for this repository if it is enabled.
2. If private reporting is not available, open a discussion or issue only after removing any sensitive exploit details and clearly note that you are looking for a secure reporting path.

When reporting a vulnerability, please include:

• affected stringr version
• a short description of the issue
• impact and potential abuse scenario
• reproduction steps or proof of concept, if safe to share privately
• any suggested mitigation, if known

You can expect:

• acknowledgement after the report is reviewed
• a best-effort attempt to validate the issue
• coordination on disclosure timing when a fix is needed

Most issues in this library are likely to be correctness or reliability bugs rather than security vulnerabilities. If you are unsure, it is still okay to start with a private report.