# Security Policy ## Reporting a Vulnerability If you discover a security vulnerability in udoc-viewer, please report it responsibly. **Do not open a public GitHub issue for security vulnerabilities.** Instead, please email us at: **security@docmentis.com** Include: - A description of the vulnerability - Steps to reproduce the issue - The potential impact - Any suggested fix (optional) ## Response Timeline - **Acknowledgment**: We will acknowledge your report within 3 business days. - **Assessment**: We will assess the vulnerability and provide an initial response within 7 business days. - **Fix**: We aim to release a fix for confirmed vulnerabilities as quickly as possible, depending on severity and complexity. ## Scope This policy covers the JavaScript/TypeScript source code in this repository and the pre-built WASM binary distributed with it. ## Supported Versions We provide security fixes for the latest release only. | Version | Supported | | ------- | --------- | | Latest | Yes | | Older | No | ## Disclosure We follow coordinated disclosure. We ask that you give us reasonable time to address the issue before making any public disclosure. Thank you for helping keep udoc-viewer and its users safe.