If you discover a security vulnerability in PhenoProject, please report it privately via GitHub's security advisories:
Please do not open a public issue for security reports. We will acknowledge receipt within 72 hours and provide a remediation timeline based on severity.
This policy covers the latest released version on the main branch. Older releases are not actively maintained.
We follow a coordinated disclosure model. Once a fix is available and deployed, we will publish a public advisory crediting the reporter (unless anonymity is requested).