PLEASE DON'T DISCLOSE SECURITY-RELATED ISSUES PUBLICLY, SEE BELOW.

If you discover a security vulnerability, please report it privately:

• GitHub Private Vulnerability Reporting (preferred) — go to the repository's Security tab and click "Report a vulnerability". This creates a private advisory visible only to maintainers and provides a structured workflow for triage, fix coordination, and CVE assignment.

All security vulnerabilities will be promptly addressed.

This policy applies to all repositories under the he4rt GitHub organization, unless a repository defines its own SECURITY.md.