SECURITY.md
# Security Policy
## Supported Versions
All latest `MAJOR` (taking version number `x.y.z` as `MAJOR.Minor.patch`) versions are candidates, and will benefit
from a best effort policy to fix any issue.
That noted, there is still some appreciation when it comes to the amount of effort dedicated to the latest version
in comparison to a largely obsolete one.
## Reporting a Vulnerability
You can email me directly at `tristandeloche_at_gmail.com` where I will reply as soon as can be done.
Just try to make it clear in the object of the email that this is about a security vulnerability.
We will then take the following course of action:
1. Assess the vulnerability
2. Discuss whether and when to disclose it (ideally as soon as possible, which this preferrably happening after the fix is out)
3. If it cannot be patched quickly (as it is due to an underlying dependency without update available yet),
responsible disclosure will be done in the form of a warning section in the [parent `README`](README.md) with an
associated issue linked to the upstream issue.
During this whole process you can expect me to try as much as possible to keep you up to date.