Security fixes are currently applied to:

• The main branch

Please do not open public issues for security vulnerabilities.

Use one of these channels:

1. GitHub Security Advisory (preferred)
2. Email: adopt@absurdityindex.org

Include:

• A clear description of the issue
• Reproduction steps or proof of concept
• Impact assessment
• Any suggested remediation

• Initial acknowledgment: within 3 business days
• Triage decision: within 7 business days
• Fix timeline: based on severity and blast radius

We will coordinate disclosure timing with the reporter whenever possible.