The active support line is the current develop branch and the latest tagged release.

Do not open public GitHub issues for security reports.

Send reports to admin@jooservices.com with:

• a short description of the issue
• affected versions or commit references
• reproduction steps or proof of concept
• impact assessment if known

JOOservices will acknowledge the report, triage severity, and coordinate remediation privately.

• Use WordPress application passwords instead of primary account passwords.
• Store credentials in environment variables such as WORDPRESS_URL, WORDPRESS_USER, and WORDPRESS_APP_PASSWORD.
• Never commit .env files or hard-coded secrets.
• Do not log authorization headers, app passwords, or raw credential material.
• Revoke and rotate application passwords immediately if exposure is suspected.