Security fixes are accepted for the latest content on the default branch.

Do not open public issues for sensitive vulnerabilities.

Report privately to repository maintainers with:

1. Affected file path(s)
2. Reproduction steps
3. Impact assessment
4. Proposed mitigation (if available)

Maintainers will acknowledge and triage as quickly as possible.

• Never commit API keys, certificates, or customer secrets.
• Use environment variables in examples.
• Use placeholder values in documentation.