Security fixes target the current production code on main.
Use GitHub private vulnerability reporting when possible. If that route is unavailable, email hello@machtblick.de and include Security in the subject.
Do not open a public issue containing credentials, personal data, exploit details, or information that would make an unresolved vulnerability easier to abuse.
Public parliamentary records and the public protocol identifiers documented in NOTICE.md are not secrets.