We release security patches for the latest stable version of the application.
Please update to the most recent release to ensure you receive the latest security fixes.

If you discover a security vulnerability, please do not create a public GitHub issue.
Instead, report it privately via one of the following methods:

• GitHub Security Advisories (preferred): Open a new draft advisory
• Email: [email protected]

When reporting, please include:

1. A detailed description of the vulnerability.
2. Steps to reproduce the issue.
3. The potential impact (e.g., data loss, remote code execution).
4. Suggested fixes (if available).
5. Any relevant screenshots or proof-of-concept code.

1. We will acknowledge receipt of your report within 3 working days.
2. We will work on verifying and reproducing the vulnerability.
3. We will aim to release a patch within 14 working days of verification (complex cases may take longer).
4. Once fixed, we will publish a GitHub Security Advisory and, if applicable, request a CVE ID.
5. We will credit the reporter publicly (unless you request otherwise).

We value responsible disclosure and will credit all verified security researchers in:

• The GitHub Security Advisory.
• This repository’s SECURITY.md acknowledgements section.
• CVE records (if a CVE is issued).

We thank the following security researchers for their responsible disclosure and contributions:

• Adrian (@eternalvalhalla)

This section lists previously disclosed vulnerabilities, their impact, and who reported them.