Before Ceiling's first stable release, security fixes are made on the latest
release and the main branch only.
Please do not open a public issue for suspected vulnerabilities, exposed credentials, or private account data. Use GitHub's private vulnerability reporting for this repository instead. If that option is unavailable, contact the maintainer through the private contact method listed on the GitHub profile.
Include the affected version, a minimal reproduction, and the impact. Remove API keys, cookies, OAuth tokens, account identifiers, and unrelated personal data from logs or screenshots.
You should receive an acknowledgement within seven days. Confirmed issues will be coordinated privately until a fix or mitigation is available.