# Security Policy
## Reporting a Vulnerability
If you discover a security vulnerability in this project, please report it responsibly.
**Do not open a public GitHub issue for security vulnerabilities.**
### How to Report
Report via [GitHub Security Advisories](https://github.com/dakera-ai/dakera-rs/security/advisories/new)
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested mitigations
### Response Timeline
- **Acknowledgement**: within 2 business days
- **Initial assessment**: within 5 business days
- **Fix and disclosure**: coordinated with the reporter
## Supported Versions
We actively maintain the latest release. Security patches are applied to the most recent version.
## Scope
This policy applies to vulnerabilities in this repository's code. For the hosted Dakera service, please use the same reporting channel above.