If you discover a security vulnerability in APDocs Studio, please do not open a public GitHub issue.

Report it privately instead:

1. Go to the Security Advisories page
2. Click "Report a vulnerability"
3. Describe what you found, how to reproduce it, and the potential impact

What to expect:

• A response within 48 hours
• A fix released as soon as the vulnerability is confirmed
• Credit in the security advisory (unless you prefer to stay anonymous)

The following are in scope for security reports:

• Remote code execution
• Privilege escalation
• Data exposure or leakage
• Malicious file handling (PDF, image imports)
• Dependency vulnerabilities with known exploits

• Issues already reported in public GitHub issues
• Vulnerabilities in third-party dependencies without a direct exploit path
• Social engineering attacks

Thank you for helping keep APDocs Studio secure.