Security: hoichoi-opensource/imageresizer

SECURITY.md

Security Policy

Supported Versions

Version Supported
latest

Reporting a Vulnerability

If you discover a security vulnerability, please:

  1. DO NOT open a public issue
  2. Email the maintainers with details
  3. Include steps to reproduce if possible
  4. Allow reasonable time for a fix before disclosure

Security Measures

This application implements several security measures:

Input Validation

  • File type validation (only images allowed)
  • File size limits (50MB max)
  • MIME type checking
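
How the three checks above can be combined so that a spoofed Content-Type does not pass: this is an added example, not code from the imageresizer project. The function names, the four-format allow-list and the use of Python are assumptions; only the 50MB limit comes from this policy.

```python
"""Upload validation sketch: size cap, content sniffing, declared-type agreement."""

MAX_UPLOAD_BYTES = 50 * 1024 * 1024  # the 50MB limit stated in this policy

# Assumed allow-list (the policy only says "only images allowed").
# Each entry checks the file's leading magic bytes.
SIGNATURES = {
    "image/jpeg": lambda b: b[:3] == b"\xff\xd8\xff",
    "image/png": lambda b: b[:8] == b"\x89PNG\r\n\x1a\n",
    "image/gif": lambda b: b[:6] in (b"GIF87a", b"GIF89a"),
    "image/webp": lambda b: b[:4] == b"RIFF" and b[8:12] == b"WEBP",
}


def sniff_image_type(data: bytes):
    """Return the MIME type implied by the content itself, or None."""
    for mime, matches in SIGNATURES.items():
        if matches(data):
            return mime
    return None


def validate_upload(data: bytes, declared_mime: str):
    """Return (ok, detail): detail is the MIME type on success, a reason on failure."""
    # A server should also cap the request body while reading the stream;
    # this check is the last line of defence on the buffered bytes.
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "too_large"
    # The declared type is client-controlled, so it is only used as a claim
    # that must be on the allow-list and must agree with the content.
    declared = declared_mime.split(";", 1)[0].strip().lower()
    if declared not in SIGNATURES:
        return False, "declared_type_not_allowed"
    sniffed = sniff_image_type(data)
    if sniffed is None:
        return False, "content_not_an_image"
    if sniffed != declared:
        return False, "type_mismatch"
    # Magic bytes prove only the header; the decoder must still handle
    # truncated or malformed image bodies safely.
    return True, sniffed
```
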

API Security

  • Rate limiting (10 requests/minute per IP)
  • CORS configuration
  • Security headers (X-Frame-Options, CSP, etc.)

Data Handling

  • No persistent storage of uploaded images
  • Memory-only processing
  • Automatic cleanup after processing

Dependencies

  • Regular dependency updates
  • Security patches applied promptly
  • Automated vulnerability scanning

Best Practices for Deployment

  1. Always use HTTPS in production
  2. Set ALLOWED_ORIGIN to your specific domain
  3. Monitor rate limiting effectiveness
  4. Keep dependencies updated
  5. Review logs for suspicious activity

There aren’t any published security advisories