Please report security issues privately to cristianbarnes@gmail.com. Include a clear description, steps to reproduce, and any relevant logs or payloads.

We aim to acknowledge reports within 7 days and provide a status update within 14 days. Fix timelines depend on impact and complexity; we prioritize high-severity issues.

Security fixes are provided on a best-effort basis for the main branch only.