If you discover a security vulnerability, please report it via email to your.email@example.com. Do not create a public issue.

• Only the latest release is supported for security updates.

• All secrets must be managed via environment variables.
• All user input is validated and sanitized.
• Secure HTTP headers are set by default.
• No sensitive data is logged or exposed.

We will investigate all reports and aim to fix valid issues promptly. You will be credited for responsible disclosure.