Security fixes are applied to the default branch and latest deployed version.
Please do not open public issues for security vulnerabilities.
Instead, report privately with:
- Vulnerability summary
- Reproduction steps
- Impact assessment
- Suggested remediation (optional)
If you cannot share details publicly, contact project maintainers through private channels associated with the repository.
Security concerns include (but are not limited to):
- Authentication and authorization flaws
- Injection vulnerabilities
- Sensitive data exposure
- Supply chain/dependency risks
- Misconfigured deployment settings
After a fix is prepared and validated, maintainers may publish a coordinated disclosure note with remediation guidance.