We release security updates for the latest stable version of this project. Older versions may not receive security updates.

If you discover a security vulnerability, please report it by emailing the maintainers or opening a private issue on GitHub. Do not disclose security issues publicly until they have been reviewed and patched.

• Telegram: [https://t.me/contact_vasiliev_dmitry]
• Email: [contact.vasiliev.dmitry@gmail.com]
• GitHub: [https://github.com/swimmwatch/telegram-webapp-auth/issues]

We will respond as quickly as possible and keep you informed of the progress.

• All code changes are reviewed before merging.
• Dependencies are regularly updated to address known vulnerabilities.
• Sensitive data (such as secrets and credentials) must not be committed to the repository.
• Use strong, unique credentials for all integrations.

We follow a responsible disclosure process. Once a vulnerability is confirmed, we will work to release a fix and publicly disclose the issue after a patch is available.

For any security-related questions, contact the maintainers at the email above.