Security

.github/SECURITY.md

Security Policy

Supported Versions

Security fixes are prioritized for:

Version	Supported
`main` branch	yes
Latest release tag	yes
Older tags	best effort only

Reporting a Vulnerability

Do not report vulnerabilities in public GitHub issues.

Please use GitHub private vulnerability reporting:

https://github.com/PeterBooker/veloria/security/advisories/new

Include as much detail as possible:

Affected version, branch, or commit
Reproduction steps and prerequisites
Impact assessment
Any known mitigations

Response Targets

Initial acknowledgement: within 3 business days
Triage and severity decision: within 7 business days
Fix timeline: depends on severity and release risk

Disclosure

After a fix is released, we will disclose:

Affected versions
Mitigation guidance
Upgrade path

There aren’t any published security advisories