Security updates apply to the main branch and the current production deployment.

Please report security issues privately by opening a security advisory. Do not open public issues for security vulnerabilities.

When reporting, include:

• A detailed description of the issue and its impact.
• Steps to reproduce or a proof of concept.
• Any relevant logs, screenshots, or mitigations you have tried.

We aim to acknowledge reports within 3 business days and will coordinate a fix and responsible disclosure timeline.