Security updates are applied to the latest main branch and the most recent release.

Please do not report security vulnerabilities in public GitHub issues.

Use one of the following private channels:

1. GitHub Security Advisories: https://github.com/webrenew/agent-observer/security/advisories/new
2. Email: opensource@webrenew.com

Please include:

• A clear description of the issue
• Reproduction steps or proof of concept
• Impact assessment
• Any suggested remediation

• Initial acknowledgment target: within 3 business days
• Status update target: within 7 business days
• Fix timelines depend on severity and exploitability

Please allow time for remediation before public disclosure. We will coordinate a disclosure timeline with the reporter.