Security reports are especially relevant for:
- authentication and password reset
- admin access control
- member-center authorization
- upload and media handling
- payment and webhook flows

Please do not disclose security vulnerabilities through public GitHub issues.
Instead, report them privately to the project maintainer through the designated security contact channel used for this deployment.

When reporting, include:
- affected version or commit
- reproduction steps
- impact assessment
- any logs, screenshots, or proof of concept that help confirm the issue

The project should verify the report, assess impact, and decide whether a hotfix, release patch, or mitigation notice is required.