This repository currently supports the latest code on the main branch.
Older commits, forks, and unpublished local modifications are not covered by this policy unless the maintainer states otherwise.
- Do not open a public GitHub issue for security vulnerabilities.
- Prefer GitHub private vulnerability reporting if it is enabled for this repository.
- If private reporting is not available, contact the maintainer privately before sharing technical details publicly.
- Include reproduction steps, affected files or flows, impact, and any suggested mitigations if you have them.
- Initial acknowledgment target: within 5 business days.
- Status update target: within 10 business days after acknowledgment.
- Fix timing depends on severity, exploitability, and maintainer availability.
- Give the maintainer reasonable time to investigate and publish a fix before public disclosure.
- Avoid posting proof-of-concept exploits, raw tokens, or sensitive payloads in public channels.