If you discover a security vulnerability in any Oire Software project, please report it responsibly. Do not open a public issue.

Send your report to abuse@oire.org. Please include:

• A description of the vulnerability.
• Steps to reproduce it, if possible.
• The affected project and version.

All reports will be reviewed promptly and handled confidentially. We will work with you to understand the issue and coordinate a fix before any public disclosure.

Security fixes are applied to the latest released version of each project. Older versions are not actively supported unless otherwise stated in the project's README.

Once a fix is released, we will publicly acknowledge the vulnerability and credit the reporter (unless they prefer to remain anonymous).