If you discover a security vulnerability, please report it by opening an issue or contacting the maintainers directly. Do not disclose security issues publicly until they have been reviewed and patched.

• Never commit secrets, API keys, or credentials to the repository.
• Use environment variables for sensitive configuration.
• Review dependencies for known vulnerabilities.
• Follow secure coding practices (input validation, error handling, least privilege).

We support the latest stable release. Security patches will be backported at the maintainers' discretion.

We appreciate responsible disclosure. Please allow us reasonable time to address issues before public disclosure.