# Security Policy ## Supported versions Security fixes currently target the latest main branch state. ## Reporting a vulnerability Please do not open public GitHub issues for sensitive security reports. Instead: 1. Prepare a short description 2. Include impact, reproduction steps and affected routes if known 3. Share the report privately with the maintainers ## Scope Please report issues related to: - Authentication - Authorization - Session handling - 2FA flows - File access - Import endpoints - Team mode and user management