If you discover a security vulnerability in doocs/md, please report it responsibly:

1. Do not open a public GitHub issue for security-sensitive reports.
2. Email the maintainers at security@doocs.org, or use GitHub Private Vulnerability Reporting if available.
3. Include a clear description, steps to reproduce, and impact assessment when possible.

We aim to acknowledge reports within 3 business days and will work with you on a fix and coordinated disclosure timeline.

• Dependency updates and security fixes are tracked via Dependabot alerts.
• Published advisories appear on the Security tab.

Thank you for helping keep doocs/md and its users safe.