Security

SECURITY.md

Security Policy

Please report security issues responsibly.

Do not file public issues for vulnerabilities.
Open a private GitHub Security Advisory (preferred) or contact the maintainers privately.
Include steps to reproduce, affected versions/targets, and impact.
We will acknowledge receipt within 5 business days and provide a remediation timeline.

Out-of-scope: vulnerabilities in legacy code under OLD/ (reference-only, never executed).

There aren't any published security advisories