Security fixes are handled on the default branch. This repository contains educational kata solutions, so release branches are not maintained separately.

Do not open a public issue for suspected vulnerabilities, exploit details, or credential leaks.

Report vulnerabilities through GitHub private vulnerability reporting: https://github.com/krotname/CodewarsKataJava/security/advisories/new

Include:

• affected version or commit,
• exact steps to reproduce,
• impact assessment,
• proposed mitigation if available.

The maintainer aims to acknowledge valid reports within 48 hours and provide a remediation timeline after the impact is confirmed.

For non-sensitive quality issues, use the public issue tracker.