- Found a security bug? Thank you for looking out!
- Please don’t open a public issue. Instead, submit an issue to our security tracker.
- Alternatively, you can email me privately at [[email protected]]
- Include as much detail as you can — what you found, how to reproduce it, and why it’s a concern.
- I’ll review it quickly and get back to you as soon as possible.
- Responsible disclosure is appreciated — I’ll credit you if you'd like (or keep it anonymous). Bug bounties are not offered.

To help investigate and resolve the issue efficiently, please include:
- A clear description of the vulnerability.
- Steps to reproduce the issue (code snippets, URLs, or configuration details).
- Any potential impact or risk associated with the vulnerability.
- Your contact information (optional, if you'd like credit or follow-up).

I aim to respond to security reports as soon as possible and will work with you to understand and resolve the issue promptly. Once resolved, I may publish a security advisory and acknowledge your contribution if desired.

This policy applies to vulnerabilities in:
- The website codebase and its dependencies.
- Our documentation and configuration files.
- Any services or infrastructure directly maintained by me.

If you're unsure whether something falls under this scope, feel free to reach out anyway — I’d rather hear from you than miss something important.

I'm grateful for any support and responsible disclosures.