# Security Policy

We take security vulnerabilities seriously. Thank you for improving the security of our project.

## Supported Versions

The following versions of this project are currently supported with security updates:

| Version | Supported          |
| ------- | ------------------ |
| 4.x.x   | :white_check_mark: |
| < 4.0.0 | :x:                |

## Reporting a Vulnerability

Please **DO NOT** open a public issue for security vulnerabilities.

If you discover a security vulnerability, please report it privately via **GitHub's Private vulnerability reporting** feature.
You can do this by navigating to the **Security** tab of this repository, selecting **Advisories**, and clicking the **Report a vulnerability** button.

To help us resolve the issue efficiently, please include the following details in your report:

* **Type of vulnerability** (e.g., XSS, SSRF, Prototype Pollution)
* **Affected component or file name**
* **Steps to reproduce** (including proof of concept / PoC code if available)
* **Potential impact** of the vulnerability

### Our Response Process

1. **Acknowledgment**: We will acknowledge receipt of your report within 48 to 72 hours.
2. **Investigation**: We will verify the vulnerability and evaluate its severity.
3. **Fix & Release**: We will work on a fix in a private fork and release a patched version as soon as possible.
4. **Advisory**: A GitHub Security Advisory will be published if necessary, giving you full credit for the discovery (unless you prefer to remain anonymous).

Please adhere to Coordinated Vulnerability Disclosure (CVD) and **do not disclose the vulnerability publicly** until a patch has been released.
