We release security updates for the latest minor release of this template and the actively maintained applications derived from it. Use the newest template revision when starting a project.

Please report security issues privately to Codebar Solutions AG so we can assess impact and coordinate a fix before public disclosure.

• Email: security@codebar.ch (or your agreed client security contact if this repository was provisioned for a specific engagement).
• Include: affected component or URL, steps to reproduce, and any proof-of-concept you are comfortable sharing.

• We aim to acknowledge receipt within 5 business days.
• We will share a short assessment (accepted, declined, or needs more information) and, when applicable, a timeline for a patch or mitigation.
• Please allow us reasonable time to remediate before publishing details.

We credit reporters who wish to be named after a fix is available. Coordinated disclosure is preferred; public issues for active security vulnerabilities may be closed without detail and handled through the contact above.

This policy applies to this repository and its default application code. Third-party packages and infrastructure are governed by their respective vendors.