Please do not open a public GitHub issue for security vulnerabilities.

Use GitHub's private vulnerability reporting:

1. Go to the repository's Security tab.
2. Click Report a vulnerability.
3. Provide a clear description, reproduction steps, and your assessment of the impact.

Please give us a reasonable time to investigate and patch. We will credit reporters in release notes if they wish.

• Issues in dependencies that are already tracked upstream.
• Denial-of-service via unauthenticated traffic on self-hosted deployments.
• Findings on test / demo credentials shipped in .env.dev.example.