1# Security Policy
2
3## Supported Versions
4
5Only the latest release of Matcha is supported with security updates.
6
7## Reporting a Vulnerability
8
9If you discover a security vulnerability in Matcha, please report it responsibly. **Do not open a public issue.**
10
11Email us at [us@floatpane.com](mailto:us@floatpane.com) with:
12
13- A description of the vulnerability
14- Steps to reproduce the issue
15- The potential impact
16- Any suggested fixes (optional)
17
18We will acknowledge your report within 48 hours and aim to provide a fix or mitigation plan within 7 days, depending on severity.
19
20## Scope
21
22This policy covers the Matcha codebase and its official releases. Third-party dependencies are outside our direct control, but we will work to address reported issues in dependencies as quickly as possible.
23
24## Disclosure
25
26We ask that you give us reasonable time to address the issue before disclosing it publicly. We are committed to crediting reporters in release notes (unless you prefer to remain anonymous).