COPM is intended for DEV/LAN usage and should not be directly exposed to the public internet.

Do not open public issues for sensitive vulnerabilities.

Please report security issues privately to project maintainers with:

• Summary and impact
• Reproduction steps
• Suggested remediation (if available)

Private report channel:

• Discord (Support / Security): https://discord.gg/GnAUmXhfeG

• Use strong secrets for all COPM_* environment variables.
• Never commit secrets or runtime data.
• Keep host and dependencies updated.