# Security Policy

## Supported Versions

We currently support the following versions of the Lethean plugin for BTCPayServer:

| Version | Supported   |
|---------|-------------|
| 1.1.x   | ✅ Yes       |
| 1.0.x   | ❌ No        |

## Reporting a Vulnerability

If you discover a security vulnerability, we strongly encourage responsible disclosure.

Please **do not** create public GitHub issues or pull requests for security-related matters.

Instead, report it privately by contacting repository admins:

- Matrix: [#btcpay-lethean:matrix.org](https://matrix.to/#/#btcpay-lethean:matrix.org)

Include as much information as possible:
- Vulnerability description
- Affected version(s)
- Reproduction steps or proof-of-concept
- Impact assessment

We aim to respond within **3 days** and will coordinate disclosure once a fix is available.

## Security Best Practices

When contributing code, please follow these security practices:
- Validate and sanitize all external inputs
- Avoid using deprecated or insecure libraries
- Do not hardcode credentials or secrets