Obsync processes private documents and writes to knowledge vaults, so security reports are taken seriously.
Please use GitHub's private Report a vulnerability flow under the repository Security tab. Do not include private documents, real tokens, or sensitive vault content in a public issue.
The current security model and deployment requirements are documented in docs/SECURITY.md.
Only the latest release is expected to receive security fixes during the alpha period.