Please report suspected vulnerabilities privately to support@compair.sh. Include reproduction steps, affected version, environment details, and any proof-of-concept information that helps us verify the issue.

We will acknowledge reports within 72 hours and keep you updated as we investigate and prepare a fix.

Supported versions:

• The latest released version is supported for security fixes.
• Older versions may be evaluated case by case, but fixes may require upgrading.

Expected response flow:

1. We acknowledge the report.
2. We reproduce and assess the issue.
3. We prepare and validate a fix.
4. We coordinate disclosure timing with the reporter when appropriate.

Disclosure preference:

Please do not open public GitHub issues for security vulnerabilities.