Currently, only the main branch (latest release) is supported with security updates.

We take the security of EduPilot very seriously. If you discover a vulnerability in this project, please do not open a public GitHub issue.

Instead, please report it privately by emailing the lead maintainer directly.

What to include in your report:

• A detailed description of the vulnerability.
• Steps to reproduce the issue.
• Any potential impact on users or data (e.g., bypassing Row Level Security, unauthorized AI generation).

You should receive a response within 48 hours acknowledging receipt of your vulnerability report. If the vulnerability is accepted, we will work on a patch immediately and issue a CVE/security advisory once the patch is pushed to the main branch.

Thank you for helping keep EduPilot secure for educators everywhere!