Security: SQLoot/evolu

SECURITY.md

Security Policy

Reporting Security Vulnerabilities

If you discover a security vulnerability in Evolu, please help keep the project secure by disclosing it responsibly.

How to Report

Please DO NOT open a public GitHub issue for security vulnerabilities.

Instead, use GitHub's private vulnerability reporting feature.

Response Time

As this project is maintained by a single volunteer, please be patient.

Security Considerations

Important Notice

While Evolu is developed with care, please note:

  • This is a volunteer-maintained project
  • It has NOT undergone professional security audits yet
  • Use in production or security-critical contexts is at your own risk

Disclosure Policy

When a vulnerability is confirmed:

  1. A fix will be developed privately
  2. A new version will be released with the fix
  3. The vulnerability will be disclosed in the release notes after users have had time to upgrade

For non-security issues, please use GitHub Issues.

There aren’t any published security advisories