Security fixes are provided on a best-effort basis for the latest main branch state.

Please do not open public issues for security vulnerabilities.

Use GitHub Private Vulnerability Reporting in this repository's Security tab and include:

• impact summary
• reproduction steps
• affected commit/version
• optional PoC

1. We acknowledge receipt within 72 hours.
2. We triage and confirm severity.
3. We prepare a fix and mitigation notes.
4. We coordinate disclosure timing with the reporter.

• Do not include real subscription links, access tokens, or private keys in reports.
• If logs are needed, redact node addresses and credentials first.