Security is something I take seriously. If you've found a vulnerability in any of my projects, I genuinely appreciate you taking the time to let me know — responsibly.
Please do not open a public Issue for security vulnerabilities.
Instead, report them privately so we have time to address the issue before it becomes public knowledge. You can do this via:
- GitHub Private Security Advisory — go to the Security tab of the relevant repository and click Report a vulnerability.
- Direct message — reach out to me on Discussions: Readme/OstinUA
Please include as much detail as possible:
- A clear description of the vulnerability
- Steps to reproduce it
- The potential impact you see
- Any suggestions for a fix (optional, but always welcome)
What you can expect after reporting:
- I will acknowledge your report as soon as possible (usually within a few days).
- I'll keep you updated as I investigate and work on a fix.
- Once the fix is released, I'm happy to credit you in the release notes if you'd like.
This policy applies to all public repositories under the OstinUA GitHub account and all other organizations or projects owned or managed by this user.
The following are out of scope for this policy:
- Vulnerabilities in third-party dependencies — please report those to the respective maintainers.
- Issues that require physical access to a device.
- Social engineering attempts.
Thank you for helping keep this project and its users safe.