Security: whispr-dev/mayan-calendar

SECURITY.md

Security Policy

Supported Versions

We release patches for security vulnerabilities in the following versions:

Version    Supported           End of Support
2.x.x      ✅ Active           TBD
1.x.x      ✅ Maintenance      YYYY-MM-DD
< 1.0      ❌ Not Supported    YYYY-MM-DD

Note: Only the latest minor version of each major version receives security updates.

Reporting a Vulnerability

We take the security of [Project Name] seriously. If you discover a security vulnerability, please follow these steps:

1. DO NOT Disclose Publicly

  • Do not open a public GitHub issue
  • Do not discuss in public forums or social media
  • Do not share details until a fix is released

2. Report Privately

Contact us through one of these secure channels:

Primary Contact:

  • Email: security@[domain].com
  • Subject Line: "[SECURITY] Brief description"
  • PGP Key: [Link to PGP key if available]

Alternative Channels:

  • GitHub: Use the "Report a vulnerability" feature in the Security tab
  • HackerOne: [Program URL if applicable]
  • Other: [Additional secure contact method]

3. Include Details

Please provide the following information:

  • Type of vulnerability (e.g., XSS, SQL injection, authentication bypass)
  • Affected versions or commit range
  • Steps to reproduce with detailed instructions
  • Proof of concept (code, screenshots, or exploit)
  • Impact assessment (what an attacker could achieve)
  • Suggested fix if you have one
  • Your contact information for follow-up questions

4. Response Timeline

You can expect the following response timeline:

  • Initial Response: Within 48-72 hours acknowledging receipt
  • Assessment: Within 7 days confirming vulnerability and severity
  • Progress Updates: Every 7-14 days until resolution
  • Fix Release: Varies by severity (see below)
  • Disclosure: Coordinated with reporter

There aren’t any published security advisories