Security: SailfinIO/oidc

SECURITY.md

Security Policy

Supported Versions

We strive to maintain security updates for the latest major releases of our project. Here is the list of currently supported versions:

Version Supported
5.1.x
5.0.x
4.0.x
< 4.0

Notes:

  • 5.1.x: Actively supported with regular updates, including security patches and bug fixes.
  • 5.0.x: End-of-life (EOL). No further security updates will be provided.
  • 4.0.x: Supported for critical security updates only.
  • < 4.0: Deprecated and not supported. Users are strongly encouraged to upgrade to a supported version.

Reporting a Vulnerability

We take security issues seriously and appreciate your efforts to disclose vulnerabilities responsibly.

How to Report a Vulnerability

  1. Do not report vulnerabilities via public GitHub issues. Keeping the report private ensures the issue is addressed confidentially and responsibly.
  2. Email: Report vulnerabilities by sending an email to mpbcurtis@gmail.com. Include the following details in your report:
    • A detailed description of the vulnerability.
    • Steps to reproduce the vulnerability, if applicable.
    • The potential impact of the vulnerability.
    • Any additional details or attachments (e.g., proof of concept, screenshots).

Response Expectations

  • Acknowledgment: We will acknowledge receipt of your report within 72 hours.
  • Investigation: We will investigate the issue, which may take some time. We aim to provide a status update within 7 days.
  • Resolution: Once the issue is confirmed, we will work to provide a fix and release it as soon as possible. You will be notified when the issue is resolved.
  • Public Disclosure: We will coordinate public disclosure with you. We aim to release a patch before publicly disclosing the issue.

Our Commitment

  • We are committed to keeping our users secure. All valid security reports will be investigated promptly.
  • We appreciate the community’s effort in identifying vulnerabilities and will credit reporters in the release notes if they wish to be acknowledged.

Reporting Guidelines

  • Be Clear and Concise: Include all relevant information to help us reproduce the issue and understand its impact.
  • Provide Proof of Concept: If possible, provide a proof-of-concept exploit to demonstrate the vulnerability.
  • Respect Confidentiality: Avoid publicly disclosing vulnerabilities until we have been able to resolve them.

Security Contact

For any security-related questions or concerns, please contact our security team at mpbcurtis@gmail.com.


Disclaimer

Our security policy is subject to change without notice. Please review this document regularly to stay informed about our security practices.

There aren’t any published security advisories