Security fixes are made against the latest release. Please run a current version before reporting.

Please do not open a public issue, PR, or discussion for security vulnerabilities.

Report privately via GitHub's "Report a vulnerability" (Security → Advisories) so we can triage and fix before disclosure.

Please include: affected version, a description and impact, and steps to reproduce (redact any tokens, credentials, or hostnames).

We aim to acknowledge reports within a few days and will coordinate a fix and disclosure timeline with you.

RemotePower's security model, SSRF protections, CSP posture, and the per-release security reviews are documented in docs/security.md.