Security fixes are provided for the latest main branch.

Please do not open public issues for security vulnerabilities.

Report privately with:

• A clear description of the issue.
• Reproduction steps or proof of concept.
• Impact assessment.
• Suggested remediation, if available.

Submit reports through GitHub Private Vulnerability Reporting:

1. Open this repository on GitHub.
2. Go to Security.
3. Select Report a vulnerability.
4. Include "ForgeGrid Security" in the report title.

• Initial acknowledgment: within 72 hours.
• Triage update: within 7 days.
• Fix timeline: shared after impact assessment.

After a fix is available, maintainers will coordinate responsible disclosure, including advisories and release notes where appropriate.