Security fixes are applied to the latest main branch and latest published @rotsl/weave version.

Please do not open public issues for security problems.

Report privately with:

• Affected component (weave-editor or @rotsl/weave)
• Reproduction steps / proof of concept
• Impact assessment
• Suggested mitigation (if known)

Preferred contact path:

1. Contact the maintainer through GitHub: https://github.com/rotsl

You will receive acknowledgment as soon as possible, followed by triage and remediation updates.

After a fix is available, coordinated disclosure is preferred.