<!-- SPDX-License-Identifier: CC0-1.0 -->

# Security Policy

All security issues in `strip-directives` should be reported publicly as bugs.
Private reports will be made public by the maintainers after 7 days with
best-effort attribution. Nevertheless, we will acknowledge security audits and
publish vulnerability advisories for legitimate vulnerabilities.

This document should be considered expired after 2026-06-01. If you are reading
this after that date, you should try to find an up-to-date version in the source
repository.

## Advisories

NOTE: Advisories will be created only for vulnerabilities present in released
versions of the project.

| ID  | Date | Affected versions | Patched versions |
| :-- | :--- | :---------------- | :--------------- |
| -   | -    | -                 | -                |

## Acknowledgments

We would like to publicly thank the following reporters:

- _None yet_
