# Security Policy

## Supported Versions

We take security seriously. The following versions of our project are currently being supported with security updates:

| Version | Supported          |
| ------- | ------------------ |
| 1.x.x   | :white_check_mark: |
| < 1.0   | :x:                |

## Reporting a Vulnerability

If you discover a security vulnerability, please report it to us as follows:

**Do not report security vulnerabilities through public GitHub issues.**

Instead, please report security vulnerabilities by:

1. Using the [Security Vulnerability Report](.github/ISSUE_TEMPLATE/security_vulnerability.yml) template (this creates a private issue)
2. Emailing [security@yourdomain.com](mailto:security@yourdomain.com) (if available)
3. Contacting the maintainers directly through secure channels

## What to Include in Your Report

Please include the following information in your report:

- A clear description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes or mitigations
- Your contact information for follow-up

## Our Response Process

1. **Acknowledgment**: We will acknowledge receipt of your report within 48 hours
2. **Investigation**: We will investigate the issue and work on a fix
3. **Updates**: We will provide regular updates on our progress
4. **Resolution**: Once fixed, we will notify you and publicly disclose the issue (with your permission)

## Responsible Disclosure

We kindly ask that you:

- Give us reasonable time to fix the issue before public disclosure
- Avoid accessing or modifying user data
- Avoid denial-of-service attacks or other disruptive actions

## Recognition

We appreciate security researchers who help keep our project safe. With your permission, we will acknowledge your contribution in our security advisories.

## Questions?

If you have questions about our security policy, please contact us through the methods listed above.