Fleet Pi is still pre-1.0. Security fixes land on the latest main branch. Older commits, tags, and private forks should be treated as unsupported unless a maintainer says otherwise.

Please do not open public GitHub issues for security reports.

Use GitHub's private vulnerability reporting for this repository if it is enabled. If private reporting is not available, contact the maintainers privately through GitHub and include:

• a clear description of the issue
• affected files, routes, or workflows
• repro steps or a proof of concept when safe to share
• any mitigation ideas you already tested

We aim to acknowledge reports within 3 business days and will follow up with triage status, fix planning, and coordinated disclosure guidance.