This project is maintained on a best-effort basis. Security fixes will be applied to the latest main branch first.
Please do not report security vulnerabilities in public GitHub issues.
Instead:
- Describe the issue, impact, and reproduction steps.
- Send the report privately to the maintainer through GitHub security reporting if enabled, or another private contact channel you control.
- Allow reasonable time for validation and remediation before public disclosure.
Please report issues such as:
- secret exposure
- authentication or authorization bypass
- command injection
- unsafe dependency or build-chain exposure
- data leakage in reports, logs, or API responses