# Security Policy
## Supported versions
The latest tagged release on the default branch is supported.
## Reporting a vulnerability
Please report suspected security issues privately to the maintainers before
public disclosure by emailing `nicknickolaev@gmail.com`. Include:
- affected version(s)
- a minimal reproducer or packet trace
- expected vs observed behavior
- whether the issue affects parsing, key derivation, or state transitions
## Scope
This crate handles protocol parsing and key derivation. Issues in message framing,
transcript handling, nonce reuse, and secret derivation are security-relevant.