Please report security issues privately through GitHub Security Advisories when available.

If advisories are not available, open a GitHub issue with a minimal, non-sensitive description and ask for a private contact path. Do not post secrets, credentials, private server URLs, or exploit details publicly.

Security fixes target the latest public release and the main branch.

Do not commit keystores, keystore.properties, server credentials, API tokens, or private user backups. These files are intentionally ignored by Git.