Only the latest commit on main is actively supported. There are no versioned releases — fixes are applied to HEAD.

Do not open a public issue for security vulnerabilities.

Instead, report them privately:

• Email: [email protected]
• Subject line: [SECURITY] code-sharing — <brief description>

Include:

• Affected project/file.
• Description of the vulnerability and its potential impact.
• Steps to reproduce, if applicable.
• Suggested fix, if you have one.

• You'll receive an acknowledgment within 72 hours.
• A fix or mitigation will be prioritized based on severity.
• Credit will be given in the commit message unless you prefer to remain anonymous.

This policy covers the code in this repository. Third-party dependencies (e.g., cyberdrop-dl, yt-dlp, esptool) should be reported to their respective maintainers.