# Security Policy
## Supported Versions
Security fixes are evaluated for:
- the latest published release
- the current `master` branch
Older releases may not receive fixes.
## Reporting A Vulnerability
Please do not open a public issue for security-sensitive reports, contact me privately.
Include:
- affected version or commit
- reproduction steps or a proof of concept
- impact assessment
- any suggested mitigation
You should receive an acknowledgment as soon as practical, followed by triage and a coordinated fix plan when the report is confirmed.