We actively maintain and support the following versions of this project. Please ensure you're using a supported version to benefit from security updates.

If you discover a security vulnerability in this project, please follow these steps:

1. Do not disclose the vulnerability publicly.
   Public disclosure can put other users at risk before a fix is available.

2. Create a private issue in this repository.
   Go to the Issues tab and select New Issue. Choose the Security Report template (if available) or provide the following details:

   • Description of the vulnerability.
   • Steps to reproduce the issue.
   • Potential impact and any suggested mitigation.

3. Wait for a response.
   We aim to respond to vulnerability reports within 48 hours. After assessing the report, we will:

   • Confirm receipt of the report.
   • Provide an initial assessment of the issue.
   • Outline the next steps to address it.

We welcome contributions that help enhance the security of this project. If you have identified a security issue and have a fix ready:

1. Fork the repository and create a new branch.
   Use a clear and descriptive branch name like fix/security-issue-name.

2. Implement the fix and write tests.
   Ensure that the fix addresses the issue comprehensively and include test cases to prevent regressions.

3. Open a pull request.

   • Link the pull request to any related security issue.
   • Provide a clear description of the problem and the solution.
   • Include steps for reviewers to verify the fix.

4. Wait for review.
   The team will review the pull request and may request changes or clarifications. Once approved, the fix will be merged into the codebase.

• Once a vulnerability is verified, we will develop and test a patch.
• A fix will be deployed as a new release within 7-14 days, depending on the severity.
• A security advisory will be published alongside the release with details about the vulnerability and the fix.

• Always use the latest stable version of the project.
• Regularly check for updates and apply them promptly.
• Report any suspicious or unexpected behavior.

We expect all users and contributors to adhere to our Code of Conduct. Reports of violations will be taken seriously.

Thank you for helping us make this project secure for everyone!