# Security Policy

## Supported Versions

The project is under active development. Security fixes are provided on the
latest `main` branch first. When versioned releases are created, support
windows will be documented in this file.

## Reporting a Vulnerability

Please do not report security issues in public issues.

Report vulnerabilities via [GitHub Security Advisories](https://github.com/DingTalk-Real-AI/dingtalk-workspace-cli/security/advisories/new)
or by emailing the maintainers listed in the repository.

Please include:

- A clear description of the issue and impact
- Reproduction steps or proof-of-concept
- Affected version/commit and environment
- Any suggested remediation

We aim to acknowledge reports within 5 business days and provide a status
update as triage progresses.