Please report security issues responsibly. Do not open public issues with sensitive details.
- Contact maintainers privately (open a security advisory or use a private channel if available).
- Provide a clear description, environment details, and steps to reproduce.
- We will acknowledge receipt within a reasonable timeframe and work on a fix.
We generally support the latest tagged release. Older versions may not receive security updates.
- Review scripts before running.
- Avoid committing secrets or sensitive configuration.