abel-ferreira is currently pre-1.0. Security fixes are applied on the latest published release and on main.

Do not open a public issue for suspected security vulnerabilities.

Report vulnerabilities through GitHub private vulnerability reporting when available. If that is not available, contact the repository owner privately on GitHub with:

• a short description of the issue
• impact and affected surfaces
• reproduction steps or a minimal proof of concept
• any suggested mitigation

You should receive an initial response within 7 days.

The highest priority reports are issues that could:

• expose repository contents or local machine data unexpectedly
• execute unintended commands through hooks or publishing flows
• cause unsafe mutation of git state outside the documented behavior
• weaken trust boundaries between observed, derived, and approved state

Please allow time for investigation and a coordinated fix before public disclosure. Once a fix is available, the project will document the affected versions, remediation guidance, and any relevant acknowledgements.