This project is developed as an open-source project and may not be suitable for production use without additional security review.

If you discover a security vulnerability, please:

• DO NOT disclose it publicly immediately
• report it via:
  • GitHub Private Vulnerability Reporting (Security tab in the repository), or
  • GitHub Issues (if non-critical)

Include:

• description of the issue
• steps to reproduce
• potential impact
• (optional) suggested fix

• I will try to acknowledge reports within a reasonable time
• Fixes are provided on a best-effort basis
• No guaranteed response or patch timelines

This project is provided "AS IS", without any warranties.

The user is fully responsible for:

• deployment
• configuration
• securing their environment

Before using in production, it is recommended to:

• perform a security audit
• use HTTPS (TLS)
• deploy behind a reverse proxy
• restrict network access (firewall)
• enforce strong authentication