We maintain the main branch and the latest tagged release. If a critical issue affects a tagged release, we may patch the latest tag.

Please do not open public issues for security reports.

• Preferred: open a private GitHub Security Advisory (Security tab → “Report a vulnerability”).
• Or email: info@javadali.com

We will acknowledge reports within 72 hours and keep you informed of the fix progress.

This policy covers all files in this repository, including Docker configurations and example configs. Do not include secrets (tokens, passwords, certificates) in reports.

Once a fix is available, we will publish a brief advisory and credit reporters who wish to be acknowledged.