# Security Policy
## Supported versions
Security fixes are applied to the latest release on `main`.
## Reporting a vulnerability
Please do **not** open a public GitHub issue for security reports.
Instead, email: `security@montoya.io`
Include:
- a description of the issue and potential impact
- steps to reproduce (PoC if possible)
- affected version(s) / commit SHA
- any suggested remediation
We’ll acknowledge receipt and work with you on a fix and coordinated disclosure.