Please do not report security vulnerabilities through public GitHub issues.

Use one of the following private channels instead:

• GitHub private vulnerability disclosure for this repository (preferred: Report a vulnerability).
• Email the maintainers via the contact listed in Chart.yaml maintainers block.

We will acknowledge receipt within five business days and provide a fix or workaround timeline within fifteen business days.

• Affected version (commit SHA, container tag, or Helm chart version).
• Reproduction steps; proof-of-concept if applicable.
• Impact assessment (what an attacker can do).
• Any known mitigations.

Security fixes are applied to the most recent minor release. Older releases receive critical fixes on a best-effort basis.

If you accidentally post a security issue publicly, we may limit public discussion and ask you to redirect to private channels. We will credit external reporters in the release notes if you wish.