OpenFrame is under active development. Security fixes are prioritized for the latest code on master and recent release tags (if available).

Please do not report security vulnerabilities in public issues.

Preferred: use GitHub private vulnerability reporting on this repository.

Alternative: email info@open-frame.net if you cannot use GitHub.

Include as much detail as possible:

• Affected area (API route, auth flow, upload flow, etc.)
• Reproduction steps
• Proof of concept (if available)
• Potential impact
• Suggested remediation (optional)

After a private report is submitted:

1. Maintainers acknowledge receipt.
2. Impact and exploitability are triaged.
3. A fix is prepared and validated.
4. Disclosure timing is coordinated.
5. Credits are given when appropriate.