Status: Pre-release project maintained by volunteers. Best-effort responses.

Please report vulnerabilities via GitHub Security Advisories.

Do not open public issues/PRs for suspected vulnerabilities.

• In scope: This repository only.
• Out of scope: Deployment hardening topics (e.g., running on shared hosts, handling untrusted inputs, exposing the service directly to the public internet). See our README “Security Warning” for deployment guidance.

No bug bounty and no SLA.

Pre-release only: the main branch is supported; no backports.