# Security Policy

## Supported Versions

Hagakure is distributed as a rolling release on WordPress.org. Only the latest
released version receives security updates. Please make sure you are running the
most recent version before reporting an issue.

| Version | Supported          |
| ------- | ------------------ |
| Latest  | :white_check_mark: |
| Older   | :x:                |

## Reporting a Vulnerability

**Please do not report security vulnerabilities through public GitHub issues,
discussions, or pull requests.**

Instead, report them privately through one of the following channels:

1. **GitHub Security Advisories (preferred)** — Use the
   ["Report a vulnerability"](https://github.com/tarosky/hagakure/security/advisories/new)
   button on this repository's *Security* tab.
2. **Contact TAROSKY** — If you cannot use GitHub, reach out via
   [https://tarosky.co.jp/](https://tarosky.co.jp/).

When reporting, please include as much of the following as possible:

- A description of the vulnerability and its potential impact.
- Steps to reproduce, or a proof of concept.
- Affected versions and your environment (WordPress / PHP version).

We will acknowledge your report as soon as possible, keep you informed of the
progress toward a fix, and credit you in the release notes unless you prefer to
remain anonymous.