# Security Policy ## Reporting a Vulnerability OfficeCLI reads and writes `.docx`, `.xlsx`, and `.pptx` files, which may come from untrusted sources. If you discover a security vulnerability, please report it privately — **do not open a public issue**. Preferred channel: use GitHub's private vulnerability reporting on this repository (the **Security → Report a vulnerability** tab). This keeps the report confidential until a fix is available. Please include: - A description of the issue and its impact - Steps to reproduce (a minimal sample file is ideal) - The OfficeCLI version (`officecli --version`) and your OS We aim to acknowledge reports within a reasonable timeframe and will coordinate a fix and disclosure with you. ## Supported Versions Security fixes are applied to the latest released version. Please upgrade to the latest version before reporting.