# Security Policy

## Supported Versions

Security fixes are provided on a best-effort basis for the latest release and the current `main` branch.

| Version | Supported |
| --- | --- |
| Latest release | Yes |
| `main` | Best effort |
| Older releases | No |

## Reporting a Vulnerability

Please report security issues privately by email: `cocojojo5213@gmail.com`

Do not open a public GitHub issue for vulnerabilities.

Include the following when possible:

- affected version or commit
- operating system
- reproduction steps
- expected impact
- logs, screenshots, or proof of concept if they help explain the issue

## Response Process

- Reports are reviewed on a best-effort basis.
- I usually acknowledge new reports within 5 business days.
- If the report is confirmed, I will work on a fix and coordinate disclosure timing with the reporter when practical.