Security: carverauto/serviceradar

SECURITY.md

Security Policy

Supported Versions

This section outlines which versions of the project are currently supported with security updates. We actively maintain and patch vulnerabilities only in the versions marked as supported below.

Version Supported
1.0.x

Note: Versions marked with ❌ are no longer supported. We recommend upgrading to a supported version to ensure you receive the latest security fixes and updates.

Reporting a Vulnerability

We take security seriously and appreciate your help in keeping our project safe. If you discover a vulnerability, please follow the steps below to report it responsibly.

How to Report

What to Include

  • A clear description of the vulnerability.
  • Steps to reproduce the issue (if possible).
  • Any potential impact (e.g., data exposure or denial of service).
  • Optional: Suggestions for a fix, if you have them.

Our Response Process

  1. Acknowledgment: We’ll confirm receipt of your report within 48 hours.
  2. Investigation: We’ll assess the vulnerability and determine its severity, typically within 5 business days.
  3. Updates: You’ll receive periodic updates (approximately every 7-14 days) on our progress until the issue is resolved.
  4. Resolution: If the vulnerability is validated, we’ll work on a fix and release it in a supported version. If the report is declined (e.g., out-of-scope, not reproducible, or not a security issue), we’ll provide an explanation.

Expectations

  • Accepted Vulnerabilities: If confirmed, we’ll credit you in the release notes (unless you prefer to remain anonymous) and coordinate disclosure timing with you if needed.
  • Declined Reports: We’ll let you know why the report didn’t qualify as a security issue and offer guidance if applicable.

Confidentiality

Please refrain from publicly disclosing the vulnerability until we’ve had a chance to address it. We’ll work with you to ensure a responsible disclosure process.

There aren’t any published security advisories