Security: SubZtep/kaja

.github/SECURITY.md

Security Policy

Supported Versions

This project is under active development. Only the latest version on the main branch receives security updates.

Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly:

  • Do NOT open a public issue
  • Use GitHub private vulnerability reporting (Security tab → "Report a vulnerability")
  • Or email: subztep@gmail.com

Please include:

  • Description of the issue
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

You can expect an initial response within 3–5 days.

Disclosure Policy

  • Reports will be acknowledged upon receipt
  • Issues will be investigated and fixed as quickly as possible
  • A security advisory may be published after resolution
  • Please do not disclose the issue publicly until it has been addressed

Scope

In scope:

  • Core application code in this repository
  • API endpoints and authentication handling

Out of scope:

  • Third-party service misconfiguration
  • Known dependency vulnerabilities unless directly exploitable through this project

Security Best Practices

  • Do not commit secrets or API keys
  • Use environment variables for sensitive data
  • Keep dependencies up to date

There aren't any published security advisories