ColdFront is under active development; security fixes are applied to the main
branch and released from there.
Please do not open a public issue for security vulnerabilities.
Report privately through GitHub's Security Advisories: use "Report a vulnerability" on the repository's Security tab. Please include:
- a description of the vulnerability and its impact,
- steps to reproduce or a proof of concept,
- the affected version / commit,
- any suggested remediation.
We will acknowledge the report, investigate, and keep you updated on progress and the fix timeline. Please allow a reasonable disclosure window before any public discussion.