Security fixes are applied to the current main branch.
If you find a security issue:
- Do not open a public issue with exploit details.
- Use GitHub private vulnerability reporting if it is available for this repository.
- If private reporting is unavailable, open a minimal public issue asking for a private follow-up without disclosing sensitive details.
Relevant issues include:
- command execution vulnerabilities
- unsafe shell invocation
- path traversal or arbitrary file write behavior
- credential leakage
- dependency vulnerabilities with practical impact
- network/API handling bugs that expose local machine information unexpectedly