# Security Policy

## Supported Versions

We support the latest minor release series. Please use the most recent tagged version.

## Reporting a Vulnerability

If you believe you have found a security vulnerability in Poindexter:

- Please DO NOT open a public GitHub issue.
- Email the maintainer listed on the repository profile with:
  - A description of the issue and its impact
  - Steps to reproduce (a minimal proof-of-concept if possible)
  - Affected versions/commit hashes
- We will acknowledge receipt within 5 business days and work with you on a fix and coordinated disclosure.

## Dependencies

We run `govulncheck` in CI. If you see alerts or advisories that affect Poindexter, please include links or CVE identifiers in your report.