# Security policy

## Supported versions

Security fixes are applied to the default branch (`main`) and released as tagged versions when appropriate. Use the latest release or `main` when reporting issues.

## Reporting a vulnerability

**Please do not** open a public GitHub issue for security vulnerabilities.

Instead:

1. Use **[GitHub private vulnerability reporting](https://github.com/thiagodmont/keynobi/security/advisories/new)** for this repository (if enabled), or
2. Contact the maintainers through a **private** channel (for example, the repository owner’s contact options on GitHub).

Include enough detail to reproduce or understand the impact (version or commit, affected component, proof of concept if safe to share).

We will aim to acknowledge reports within a few business days. Thank you for helping keep users safe.