Only the latest version on the master branch is supported with security updates.

Please report security vulnerabilities privately to the repository owner via GitHub Security Advisories or email. Do not open public issues for security bugs.

• Never commit .env files, session files, cookies, or proxy credentials.
• Keep ADMIN_SECRET, TELEGRAM_BOT_TOKEN, WEBSHARE_API_TOKEN, and cloud-storage keys in environment variables only.
• Rotate leaked credentials immediately.
• Pin dependency and binary versions; verify checksums when available.