# Security Policy

## Supported Versions

Security fixes are primarily applied to the latest code in `main` and the latest public release.

Older versions may not receive security updates.

## Reporting a Vulnerability

If you discover a security vulnerability, please report it privately:

- Email: hello@echotube.fun

Please include:

- a clear description of the issue
- impact assessment
- reproduction steps or proof of concept
- affected version/commit

Do not open a public issue for sensitive vulnerabilities.

## Response Process

When a valid report is received, maintainers will:

1. acknowledge receipt
2. investigate and validate impact
3. prepare and test a fix
4. publish a patch and advisory as appropriate

Response times can vary by complexity and maintainer availability.