# Security Policy

## Supported Versions

| Version | Supported |
|---------|-----------|
| latest  | Yes       |

## Reporting a Vulnerability

If you discover a security vulnerability in CervellaSwarm, please report it responsibly.

**DO NOT open a public GitHub issue for security vulnerabilities.**

Instead, please email **cervellaswarm@pm.me** with:

1. Description of the vulnerability
2. Steps to reproduce
3. Potential impact
4. Suggested fix (if any)

## Response Timeline

- **Acknowledgment**: Within 48 hours
- **Initial assessment**: Within 1 week
- **Fix timeline**: Depends on severity, typically 1-4 weeks

## Scope

This policy applies to:

- The CervellaSwarm core framework
- Official packages (`cervellaswarm-*` on PyPI, `@cervellaswarm/*` on npm)
- The CervellaSwarm GitHub repository

## Out of Scope

- Third-party dependencies (report to the respective project)
- Self-hosted instances with custom modifications

## Recognition

We appreciate security researchers who help keep CervellaSwarm safe. Contributors who report valid vulnerabilities will be acknowledged in our CHANGELOG (unless they prefer to remain anonymous).