🔐 Security Policy 🧭 Supported Versions

The table below outlines which versions of our project currently receive security updates and patch support.

Version Supported 5.1.x ✅ Active Support 5.0.x ❌ Deprecated 4.0.x ✅ Active Support < 4.0 ❌ Unsupported

We strongly encourage all users to upgrade to the latest supported version to benefit from ongoing security improvements and patches.

🛡️ Reporting a Vulnerability

If you discover a security issue or potential vulnerability, please help us keep our community safe by reporting it responsibly.

📬 How to Report

Send a detailed description of the vulnerability to: security@[yourdomain].com

Include:

Steps to reproduce the issue

=> Affected version(s)

=> Any possible impact you foresee

=> Your contact information (for follow-up)

⏳ Response Timeline

Once your report is received, our process is:

=> Stage Expected Response Time => Initial acknowledgment within 48 hours => Triage & validation within 5 business days => Patch or mitigation plan within 10 business days (depending on severity) => Public disclosure (if applicable) coordinated with the reporter after patch release

We’ll keep you informed throughout the process and will credit you (if desired) once the issue is resolved.

🔒 Responsible Disclosure Policy

We kindly ask that you:

• Do not publicly disclose the vulnerability until we confirm and release a fix.

• Avoid exploiting the vulnerability or accessing unauthorized data.

• Allow us reasonable time to mitigate the issue.

We follow a coordinated disclosure approach, aligned with ISO/IEC 29147.

🧠 Security Philosophy

Security is a shared responsibility. Our commitment:

Continuous code audits and dependency monitoring

Secure CI/CD and infrastructure practices

Rapid patch deployment upon verified reports

Transparency with our user community

If you ever have concerns about your data or our system integrity, please reach out directly.