# Security policy
## Supported versions
The latest `1.x` release receives security fixes. Prereleases and versions
before 1.0 are unsupported after 1.0 is published.
## Reporting a vulnerability
Report vulnerabilities privately through GitHub's security-advisory interface:
<https://github.com/stateforward/sml.rs/security/advisories/new>
Do not open a public issue for a suspected vulnerability. Include affected
versions, a minimal reproducer, impact, and any suggested mitigation. The
maintainers will acknowledge a report within seven days and coordinate a fix,
advisory, and release before public disclosure.