# Security Policy
## Supported Versions
| 5.x | :white_check_mark: |
| < 5.0 | :x: |
## Reporting a Vulnerability
If you discover a security vulnerability in gitstack, please report it responsibly:
1. **Do NOT open a public issue.**
2. Use [GitHub Security Advisories](https://github.com/Hiro-Chiba/gitstack/security/advisories/new) to report the vulnerability privately.
## Response Timeline
- **Acknowledgment**: Within 48 hours of report
- **Initial assessment**: Within 7 days
- **Fix release**: Best effort, depending on severity
## Scope
gitstack is a local TUI tool that reads Git repositories. Security concerns include:
- Path traversal via user input
- Unexpected crashes (panic) that corrupt terminal state
- Dependency vulnerabilities (tracked via `cargo audit`)
Thank you for helping keep gitstack safe.