Security fixes are applied on the main branch.

Argus currently accepts security reports through GitHub Issues.

When reporting a security problem:

• Open a new issue and clearly mark it as a security report
• Describe the impact, affected area, and reproduction steps
• Do not include secrets, access tokens, private keys, or live exploit material
• If the report is sensitive, open a minimal issue that asks the maintainer to follow up before you post full details

There is no separate private disclosure channel yet, so please use judgment and limit sensitive details until a maintainer responds.