mdplane does not currently maintain a dedicated security email inbox.

If you discover a vulnerability:

1. Use GitHub private vulnerability reporting for this repository if available.
2. If private reporting is not available, open a GitHub issue with sensitive details redacted and ask for a private follow-up channel.

Do not publish exploit details publicly before a fix is available.

Only the latest commit on main is considered supported for security fixes.