Security fixes are applied to the main branch. Deployments derived from this repository should track main or cherry-pick patches promptly.

Please report suspected vulnerabilities by emailing [email protected]. Include:

• Detailed description of the issue and potential impact
• Steps to reproduce or proof-of-concept
• Any mitigations already in place

We will acknowledge receipt within 2 business days and provide status updates at least weekly until resolution. Please do not disclose the issue publicly until it has been remediated and coordinated disclosure has been agreed.