# Security Policy

## Supported Versions

For now, only the released latest version of Lysand is supported for security updates. This will change as Lysand exits alpha status.

## Reporting a Vulnerability

If you find a vulnerability, please report it to [@CPlusPatch](https://github.com/CPlusPatch) at the following contact endpoints:

- [Matrix](https://matrix.to/#/@jesse:cpluspatch.dev)
- [E-mail](mailto:contact@cpluspatch.com)

Please do not report vulnerabilities publicly until they have been patched. If you would like to be credited for your discovery, please include your name and/or GitHub username in your report.

## Vulnerability Disclosure Policy

Lysand is an open-source project, and as such, we welcome security researchers to audit our code and report vulnerabilities. We will do our best to patch vulnerabilities as quickly as possible, and will credit researchers for their discoveries if they wish to be credited.

For security reasons, we ask that you do not publicly disclose vulnerabilities until they have been patched. We will do our best to patch vulnerabilities as quickly as possible, and will credit researchers for their discoveries if they wish to be credited.

Thank you for helping to keep Lysand secure! :3