Security fixes are applied to the latest supported release line and the active development branch.

Do not open public GitHub issues for suspected security vulnerabilities.

Use GitHub Private Vulnerability Reporting instead:

• https://github.com/kaitranntt/ccs/security/advisories/new

Include:

• A short description of the issue
• Affected version, branch, or install method
• Reproduction steps or proof of concept
• Impact assessment if you have one

Please avoid posting tokens, cookies, private configs, or exploit details in public issues, discussions, or screenshots.

• Initial acknowledgement target: within 3 business days
• Triage and severity assessment after reproduction
• A coordinated fix and release when the report is confirmed

If you already opened a public issue by mistake, edit it down to a minimal note and ask for a private reporting path instead of posting more detail.