# Security Policy

## Supported Versions

The latest release on `main` is the supported version for security fixes.

## Reporting a Vulnerability

If you find a security issue, use GitHub's private vulnerability reporting for this repository.

Please do not open a public issue for a vulnerability unless the issue is already public and understood.

When possible, include:

- A short description of the issue
- Impact and affected area
- Steps to reproduce
- Screenshots or logs if they are safe to share
- Any suggested mitigation or fix

## Response Expectations

- Initial acknowledgment target: within 7 days
- Confirmed issues will be fixed and released as practical

GitHub can notify maintainers through repository and account notifications. No public email address is required in this policy.