# Security Policy
## Supported Versions
Only the latest release on the `main` branch is supported. Users should always update to the latest version.
## Reporting a Vulnerability
If you discover a security vulnerability in jevil, you are welcome to report it by opening a [GitHub issue](https://github.com/symbolicsoft/jevil/issues) or submitting a [pull request](https://github.com/symbolicsoft/jevil/pulls) with a fix. There is no requirement for coordinated or private disclosure — use whichever method you prefer.
Please include:
- A description of the vulnerability and its potential impact.
- Steps to reproduce the issue, or a proof of concept if applicable.
- A tested, complete fix, if possible.
## Disclaimer
> ## ⚠️ EXPERIMENTAL — DO NOT USE IN PRODUCTION ⚠️
>
> **This is a research-grade proof-of-concept implementation of a brand-new,
> completely novel cryptographic scheme.** Both the *scheme itself* and this
> *implementation* have received **close to zero peer review**.
>
> - The construction has **not** been vetted by the cryptographic community.
> - The security proofs have **not** been independently verified.
> - The code has **not** been audited.
> - There are almost certainly bugs, side channels, and possibly fundamental
> design flaws that have not yet been discovered.
> - APIs, wire formats, and parameter choices may change without notice.
>
> Treat this repository as a **research artifact only**. Do not use it to
> protect anything you care about. Do not deploy it. Do not rely on it for
> any security property whatsoever.