Please do not open a public issue for security vulnerabilities.

Instead, report vulnerabilities by emailing opensource@musictechlab.io with the following information:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Suggested fix (if any)

We will acknowledge receipt within 48 hours and aim to provide a fix or mitigation within 7 days for critical issues.

• We follow coordinated disclosure — we ask reporters to give us reasonable time to fix issues before public disclosure
• We credit reporters in the release notes (unless they prefer anonymity)
• We do not pursue legal action against good-faith security researchers