If you discover a security issue, please do not open a public issue. Instead, email security@rondo.club with:
- Description of the vulnerability
- Steps to reproduce
- Affected component (rondo-club, rondo-sync, etc.)
We aim to respond within 48 hours and will coordinate a fix before any public disclosure.