# Security Policy ## Supported Versions `llm-ports` is currently pre-release. Security updates are provided for the latest published minor version on the `0.x` line. ## Reporting a Vulnerability Please report suspected vulnerabilities privately via GitHub's [Private Vulnerability Reporting](https://github.com/baabakk/llm-ports/security/advisories/new). This goes directly to maintainers and is not visible publicly until a fix is released. If you can't use the GitHub form, open a discussion at https://github.com/baabakk/llm-ports/discussions and ask for a private contact channel without disclosing the vulnerability details there. When reporting, include: - A clear description of the issue and impact - Steps to reproduce - Any proof-of-concept code or logs (if available) - A suggested fix or mitigation (optional) Please do not open public issues for security vulnerabilities. ## Response Process Maintainers will: 1. Acknowledge receipt within 3 business days 2. Confirm impact and triage severity 3. Work on a fix and coordinate disclosure timing 4. Publish a patch release and a public advisory once a fix is available ## Disclosure Policy We follow responsible disclosure. Vulnerability details remain private until a fix is released or a mitigation is communicated.