# Security Policy
## Supported Versions
The following versions of rss-tui are currently supported with security updates:

| Version | Supported          |
| ------- | ------------------ |
| 0.6.x   | :white_check_mark: |
| < 0.6   | :x:                |

**Note:** As rss-tui is currently in pre-1.0 development, version support focuses on the latest minor version series. Users are encouraged to update to the latest version via [crates.io](https://crates.io/search?q=rss-tui) for security fixes.
## Reporting a Vulnerability
If you discover a security vulnerability in rss-tui, please report it responsibly.
### How to Report
1. **Do NOT** open a public GitHub issue for security vulnerabilities
2. Email security reports to: [rsstui@halloran.email](mailto:rsstui@halloran.email) (or create a GitHub Security Advisory)
3. Alternatively, use GitHub's [Private Vulnerability Reporting](https://github.com/shalloran/rss-tui/security/advisories/new) feature
### What to Include
Please include the following information in your report:
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact and severity assessment
- Suggested fix (if you have one)
### Response Timeline
- **Initial Response:** Within 7 days
- **Status Update:** Within 30 days
- **Fix Timeline:** Depends on severity
  - **Critical:** As soon as possible (typically within 7-14 days)
  - **High:** Within 30 days
  - **Medium/Low:** Next planned release
### What to Expect
- You will receive acknowledgment of your report
- We will investigate and verify the vulnerability
- If accepted, we will work on a fix and coordinate disclosure
- If declined, we will explain why
- You will be credited in the security advisory (unless you prefer to remain anonymous)
### Disclosure Policy
We follow responsible disclosure practices:
- Vulnerabilities will be disclosed after a fix is available
- A security advisory will be published on GitHub
- The fix will be included in the next release
- We will coordinate with you on the disclosure timeline
Thank you for helping keep rss-tui secure!