The following table shows which versions of this project are currently being supported with security updates.

If you discover a security vulnerability, please do not create a public issue.

Instead, please report it through one of the following methods:

• Email: support@poddeck.io
• GitHub Security Advisory: Use the "Report a vulnerability" feature on GitHub.

Please include as much detail as possible:

• Steps to reproduce the issue
• Potential impact
• Any suggested fixes or mitigations

You can expect:

1. An acknowledgment within 48 hours.
2. A detailed response about our plan to investigate and resolve the issue within 5 business days.
3. A coordinated disclosure once the issue is fixed and publicly released.

If you are deploying or contributing to this project, please:

• Keep dependencies up to date.
• Avoid committing secrets, tokens, or credentials.
• Use environment variables for sensitive configuration.
• Review pull requests for potential security implications.

We follow a responsible disclosure approach:

• Vulnerabilities are privately reported and patched before public disclosure.
• Credits will be given to researchers who responsibly disclose vulnerabilities.

• GitHub Security Advisories
• OpenSSF Best Practices
• OWASP Top 10