We release patches for security vulnerabilities in the following versions:

We take security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

Please do NOT report security vulnerabilities through public GitHub issues.

Instead, please report them via one of the following methods:

1. Email: Send an email to security@example.com
2. GitHub Security Advisory: Use GitHub's private vulnerability reporting feature

Please include the following information in your report:

• Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
• Full paths of source file(s) related to the manifestation of the issue
• The location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit it

After you submit a report, we will:

1. Confirm receipt of your vulnerability report within 48 hours
2. Provide regular updates on our progress
3. Credit you in our security advisories (unless you prefer to remain anonymous)

When using this project, please follow these security best practices:

• Keep your dependencies up to date
• Use environment variables for sensitive configuration
• Implement proper input validation
• Use HTTPS in production
• Regularly review and audit your code
• Follow the principle of least privilege

Security updates will be released as patch versions (e.g., 1.0.1, 1.0.2) and will be clearly marked in the changelog.

We would like to thank the following security researchers who have responsibly disclosed vulnerabilities:

• [List security researchers here]

Thank you for helping keep our project and users safe!