Security fixes are applied to the current main development line.

Please do not open a public GitHub issue for security vulnerabilities.

Instead, report security issues privately to the maintainers through the repository security advisory flow or your designated project contact channel.

When reporting, please include:

• affected version or commit
• impact summary
• reproduction steps
• any suggested remediation

We especially want reports covering:

• authentication and MFA
• authorization and access control
• certificate lifecycle and revocation
• remote command execution
• server configuration changes
• secret handling
• audit and logging exposure