Please report security issues privately — do not open a public GitHub issue.

Email: security@akritos.com

We aim to acknowledge within three business days and will keep you updated as we investigate. Include steps to reproduce and the affected version or commit.

Holt handles business financial data (orders, invoices, journal entries, customer ledgers) and customer PII. Reports about authentication/authorization, data exposure, injection, or ledger integrity are especially valued.

The latest main is supported; fixes land there first.