If you believe you have found a security-related bug with msgspec, do not open a public GitHub issue. Instead, please email jcristharif@gmail.com.

Please include as much detail as you would for a normal issue in your report. In particular, including a minimal reproducible example will help the maintainers diagnose and resolve the issue quickly and efficiently.

After the issue is resolved, we will make a release and announce the security fix through our normal communication channels. When it makes sense we may also obtain a CVE ID. If you would like to be credited with the report, please include your name and any links in the email.