The security of our projects and users is a top priority.

This document outlines how to report security vulnerabilities responsibly.

If you discover a security issue, do not open a public issue.

Instead:

• Report it privately to the organization owner or maintainers
• Provide clear steps to reproduce the issue
• Include any relevant logs, screenshots, or proof-of-concept code

We ask that you:

• Allow reasonable time for the issue to be addressed before public disclosure
• Avoid exploiting the vulnerability beyond what is necessary to demonstrate it
• Act in good faith to protect users and systems

Upon receiving a valid report, we will:

1. Acknowledge receipt of the report
2. Investigate and assess the impact
3. Work on a fix or mitigation
4. Release an update if necessary
5. Credit the reporter when appropriate (if desired)

This policy applies to:

• All repositories under this organization
• Production, staging, and development environments

Thank you for helping keep our projects secure.