This project is academic and private. Security updates are applied only to the active development branch (develop) and the latest stable release (main).
Older versions or tags are not maintained.

Please do not disclose vulnerabilities publicly in Issues or Pull Requests.

Instead, report them privately to the maintainers:

• Contact: your-email@example.com
• Or via the private channel indicated in our team’s Discord.

When reporting, please include:

• A description of the issue and its potential impact.
• Steps to reproduce the vulnerability.
• Any logs, payloads, or stacktraces (shared privately, not in public).
• Suggested mitigation or fix (if known).

We will acknowledge receipt of your report within 48 hours and aim to provide an initial assessment within 5 working days.

This policy applies to:

• The backend RESTful API (Java / Spring Boot).
• Configurations and deployment instructions provided in this repository.
• API contracts (OpenAPI) and documentation.

This policy does not apply to:

• External dependencies (report directly to their maintainers).
• Local development environment issues unrelated to production use.
• Academic reports or classroom feedback (should be handled via the course platform).

By following this policy, you help us address issues responsibly.
We will credit contributors in internal documentation, but no public disclosure will be made without agreement.

dsafadskfsdajfasdf kldsajfklasdjfkjkljfdsf

sdaf sda fsad f asdf asd fads f asdf sadf asd fsad f dsaf asd fsad f sadf sdaf sad fsad fa sdf sadf sdafsdafasdf sdaf ds afsda fsa df safsadf sadfasf saf sadf sa