# Security Policy ## Supported Versions Security fixes are provided on a best-effort basis for: - the latest Bearhub release - the current `main` branch Older releases may not receive security updates. ## Reporting a Vulnerability Please do not open public issues for undisclosed security vulnerabilities. Use one of these channels: 1. GitHub Security Advisories (preferred): - Go to the repository `Security` tab - Create a private vulnerability report 2. If advisory reporting is unavailable, contact maintainers directly via GitHub. Include as much detail as possible: - affected Bearhub version - platform details (Arch version, Python version, desktop session) - reproduction steps - expected vs. actual behavior - logs, stack traces, and proof-of-concept (if available) ## Response Process Maintainers will: - acknowledge the report as soon as possible - validate impact and scope - prepare and publish a fix - credit reporters where appropriate (if desired) ## Disclosure Please allow reasonable time for validation and patching before public disclosure. Once fixed, we will disclose: - impacted versions - mitigation/fix guidance - release references containing the patch