Security fixes are handled for the latest public release.

Do not open a public GitHub issue for vulnerabilities, private tokens, exploit details, or server-specific credentials.

Use one of these paths instead:

• Open a private GitHub security advisory if the repository has private vulnerability reporting enabled.
• Contact support at https://discord.sqware.gg and ask for a private security disclosure channel.

Include the plugin version, server software/version, Java version, a short impact summary, and reproduction steps. Do not include real bot tokens, API tokens, webhook URLs, private keys, or player data unless requested through a private channel.

• Never upload your live config.yml without removing tokens and channel IDs.
• Rotate any token that has been pasted into a public issue, screenshot, log, or chat.
• Download release jars from this GitHub repository or another trusted distribution page.