# Security Policy
## Supported versions
Security fixes are provided for the latest published minor release.
## Reporting a vulnerability
Please report vulnerabilities privately to repository maintainers.
Include:
- affected version
- reproduction steps
- impact assessment
Do not open public issues for undisclosed vulnerabilities.
## Response expectations
- Initial triage target: within 7 days.
- If confirmed, fix and coordinated disclosure will be prepared.