Security issues should be reported for the latest maintained branch and current production-ready code.

Please do not open public GitHub issues for security vulnerabilities.

Report vulnerabilities privately:

• Telegram: @ilyarolf_dev

When possible, include:

• affected area or feature
• steps to reproduce
• impact assessment
• logs, screenshots, or payload examples if safe to share

Please report issues responsibly if they affect:

• payment callbacks
• invoice creation
• wallet withdrawals
• admin authorization
• webhook validation
• referral abuse
• multibot token handling

We will review reports as quickly as possible and coordinate remediation privately where needed.