Security fixes are considered for the latest public release.

Do not open a public issue for security-sensitive reports.

Use GitHub's private vulnerability reporting feature when available, or contact the repository owner through the GitHub profile. Include:

• A clear description of the issue.
• Steps to reproduce.
• Affected version or commit.
• Any relevant logs, screenshots, or proof-of-concept details.

Reports about bypassing anti-cheat systems, evading access controls, or automating systems without permission are out of scope unless they describe a vulnerability in TaxClicker itself.