# Security Policy
## Supported versions
| 0.1.x | :white_check_mark: |
## Reporting a vulnerability
Please **do not** file a public GitHub issue for security
vulnerabilities. Email the maintainers at:
**security@polyglotmesh.dev** (placeholder — set up before first release)
We will acknowledge receipt within 48 hours and provide a fix timeline
within 7 days. We follow responsible disclosure: we will coordinate
with you on a public disclosure date that gives users time to upgrade.
## What to include
- Description of the vulnerability and its impact
- Reproduction steps (curl commands, config snippets — redact your real
keys)
- polyglotmesh version, OS, and any relevant build flags
- Whether you intend to disclose publicly
## What to expect
- An acknowledgement within 48 hours
- A triage decision within 7 days
- A patch released as a new minor version for high-severity issues
- A CVE request via GitHub Security Advisories for confirmed issues
- Credit in the release notes (unless you prefer to remain anonymous)