This repository is a demo/reference project. Security fixes are applied on a best-effort basis to the latest main branch only.
If you find a security issue, please do not open a public issue first.
Report privately by:
- Opening a GitHub Security Advisory (preferred)
- Or opening a private channel with the maintainer
Include:
- A clear description of the issue
- Steps to reproduce
- Impact assessment
- Suggested fix (if available)
You should receive an initial response within 7 days.
- This project uses demo credentials and a local Docker setup for learning purposes.
- Do not reuse demo credentials in production.
- For production hardening, rotate secrets, enforce TLS, and restrict network access.