For security vulnerabilities, do not open a public GitHub issue.

Report privately via email: contact@endee.io

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact

We will acknowledge within 72 hours and aim to release a patch within 90 days depending on severity.

For bugs, performance issues, or feature requests, open a GitHub issue.

We follow coordinated disclosure. Once a fix is released, we will publish a summary in the release notes.