Security

docs/SECURITY.md

Security Policy

Supported Versions

main branch: bug and security fixes.
Tagged releases: critical fixes only.

Reporting a Vulnerability

Email the maintainer listed in AGENTS.md with:

A detailed description of the issue and how to reproduce it.
A proof-of-concept YAML or media file if appropriate.
Suggested mitigations.

Expect acknowledgement within 3 business days and coordinated disclosure for confirmed issues.

There aren’t any published security advisories