Please report security issues privately instead of opening a public issue.

Send a report to the maintainers with:

• a clear description of the issue
• affected image tags or recipe paths
• reproduction steps if you have them
• impact assessment if known

If a dedicated private contact address is added later, this file should be updated to point at it.

Security issues include:

• privilege boundary breaks
• image trust or signing issues
• runtime contract violations that expose user-owned or tenant-owned data
• packaging or configuration choices that meaningfully weaken supported images

Please give maintainers reasonable time to validate and ship a fix before public disclosure.