Do not open a public GitHub issue for security-sensitive reports affecting the self-hosted core.

Email hello@delega.dev with:

• A clear description of the issue
• Steps to reproduce it
• The affected version or commit if known
• Any logs, screenshots, or proof-of-concept material needed to validate the report

Use a subject line like Security report: delega.

We will acknowledge receipt and continue triage privately.

Security fixes are applied to the current main branch and the latest published container image or release artifacts.