Security: mlaify/OpenContractRx

SECURITY.md

Security Policy

Supported versions

Security fixes will be prioritized for the latest main branch.

Reporting a vulnerability

Please do not open a public issue for security vulnerabilities.

Instead:

  • Create a private report (preferred) via your hosting provider’s security advisory feature, or
  • Email the maintainers: security@opensift.org

Include:

  • Description of impact
  • Repro steps or PoC
  • Suggested mitigation (if you have one)

Security principles

  • Least privilege by default
  • Audit logging for sensitive actions
  • Avoid storing secrets in logs
  • Favor on-prem friendly components

There aren’t any published security advisories