Report security issues privately through GitHub's security advisory form. Do not report security vulnerabilities on the public issue tracker.

Confirmed vulnerabilities are coordinated through the GitHub Security Advisory opened for the issue. Affected parties include the reporter, users of TagoIO Decoders, and downstream maintainers where relevant.

Security fixes are disclosed through GitHub release notes.