This repository contains documentation and specifications only — there is no application code, server infrastructure, or secrets managed here. The security surface is limited to the integrity of the published documentation.
If you discover a security issue (e.g. a supply-chain concern with the docs build, or a way to inject malicious content), please report it privately:
- Go to the Security Advisories page for this repository.
- Click "Report a vulnerability" to open a private report using GitHub's built-in vulnerability reporting.
Please do not open a public issue for security concerns.
- Acknowledgment within 3 business days.
- Status update within 10 business days with an assessment and next steps.
- If the report is accepted, a fix will be prioritized and you will be credited (unless you prefer otherwise).
- If the report is declined, we will explain why.
As a docs-only project, the latest version on the main branch is the only supported version.