# Security Policy ## Reporting a Vulnerability **Please do not report security vulnerabilities through public GitHub issues.** Instead, report them via email to **security@mininglamp.com**. You should receive a response within **72 hours**. If for some reason you do not, please follow up via email to ensure we received your original message. Please include the following information (as much as you can provide): - Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) - Full paths of source file(s) related to the manifestation of the issue - The location of the affected source code (tag/branch/commit or direct URL) - Any special configuration required to reproduce the issue - Step-by-step instructions to reproduce the issue - Proof-of-concept or exploit code (if possible) - Impact of the issue, including how an attacker might exploit the issue This information will help us triage your report more quickly. ## Preferred Languages We prefer all communications to be in English or Chinese (中文). ## Disclosure Policy - We follow **coordinated disclosure**: we ask that you give us reasonable time to fix the issue before any public disclosure. - Once a fix is released, we will publish a security advisory on GitHub and credit the reporter (unless anonymity is requested). ## Supported Versions | Version | Supported | | ------- | ------------------ | | latest | :white_check_mark: | | older | :x: | We generally only support the latest stable release.