Thank you for the quick response.
I had intended this as a medium-term fix to the referenced CVE that
Google found. In other words, SMUSH is specifically not secure. This
seems to be the most straightforward approach. It will prevent anyone
using auto-selection of the codec from being the v
This is a simple patch to mark SMUSH experimental so it doesn't
autoselect when choosing the codec. This prevents a malicious file from
exploiting CVE-2025-59734 when a user isn't explicitly choosing that codec.
I have tested this against Google's reference payload with and without
this cha
