# Security Policy for Chess-TUI
Thank you for using and contributing to **Chess-TUI**! Security is important to us. This document explains how you can report security vulnerabilities and what to expect after reporting.
## Supported Versions
We provide security updates for the following versions of Chess-TUI:
| Latest | âś… |
| Older stable | ❌ |
*We recommend always running the latest release to ensure you have the most recent security fixes.*
## Reporting a Vulnerability
If you discover a security vulnerability in Chess-TUI, **please do NOT open a public GitHub issue**. Public issues may expose technical details before a fix is available.
### How to Report
You can report security issues in one of the following ways:
1. **GitHub Security Advisory**
Use the “Security” → “Advisories” section of this repository to submit a private security report.
2. **Email**
Send a detailed report to:
`thomasmauran@yahoo.com`
Please include in your report:
- A clear description of the vulnerability
- Steps to reproduce or a proof-of-concept
- Affected version(s)
- Any relevant logs or screenshots
## Response Timeline
We aim to acknowledge all reports within **72 hours**. After verification, we will:
- Coordinate with the reporter on disclosure details
- Prepare and release a fix
- Update this policy if needed
We will work with you on disclosure timing so that fixes can be published before public details.
## Responsible Disclosure
By reporting issues through the channels above, you agree to:
- Not publicly disclose the vulnerability before a fix is published
- Cooperate with maintainers to validate and patch the issue
## After a Fix is Released
Once a security fix is ready:
- We will publish release notes for the fixed version
- We encourage users to update promptly
- Credit for discoverers may be given, unless anonymity was requested
## Additional Resources
For general guidance on creating repository security policies, see GitHub’s documentation on repository security policies and reporting vulnerabilities.