# Security Policy
## Supported Versions
Security fixes are applied to the latest `main` branch.
## Reporting a Vulnerability
If you discover a security vulnerability, do not open a public GitHub issue.
Use one of the following:
1. Open a private GitHub security advisory for this repository.
2. If private advisories are unavailable, contact the repository owner directly.
Include:
- A clear description of the issue
- Reproduction steps or proof of concept
- Impact and affected versions
- Any suggested mitigations
## Disclosure Process
- We will acknowledge receipt as quickly as possible.
- We will triage and assess severity.
- We will coordinate a fix and release plan.
- We will publish an advisory after mitigation is available.