If you discover a security vulnerability, please report it responsibly:

1. Do NOT open a public issue
2. Email security concerns to the maintainer (check repository owner's profile for contact)
3. Or use GitHub's private vulnerability reporting if enabled

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

• Initial response: Within 48 hours
• Status update: Within 7 days
• Fix timeline: Depends on severity and complexity

Security updates are provided for:

• Latest major version
• Previous major version (for 6 months after new major release)

When using this project:

• Keep dependencies up to date
• Use secrets management for sensitive data (never commit secrets)
• Follow the principle of least privilege
• Enable Dependabot security updates
• Review and audit third-party dependencies

• Vulnerabilities will be disclosed after a fix is available
• Credit will be given to reporters (unless anonymity is requested)
• CVE IDs will be requested for significant vulnerabilities