Only the latest commit on the default branch is supported for security fixes.

Please do not open a public GitHub issue for a security problem.

Send a private report with:

• a short description of the issue
• affected version or commit
• reproduction steps
• impact assessment

If the report includes screenshots or logs, remove personal data first.

• No secrets, signing credentials, or personal data should be committed to the repository.
• Public release artifacts must be signed with Developer ID Application.
• Public release artifacts must be notarized before distribution.
• Only the Screen Recording permission is expected at runtime.