Security fixes are applied to the latest CodeFlowMu Open release.
Do not disclose credentials, exploit details, or private user data in a public issue. Use GitHub's private vulnerability reporting for joinwell52-AI/CodeFlowMu-open when available, or contact the repository owner privately before publishing details.
Include the affected version, operating system, reproduction steps, impact, and any safe mitigation. Remove tokens, local paths, task ledgers, screenshots containing private data, and Gateway credentials.
Open releases must come from a clean source commit, carry SHA-256 checksums, exclude user workspaces and runtime ledgers, and pass the public-boundary verifier before publication.