# Security Policy

## Supported Versions

The following list describes whether a version is eligible or not for security updates.

| Version | Supported          | EOL         |
| ------- | ------------------ |-------------|
| 1.0.x   | :heavy_check_mark: | -           |

## Reporting a Vulnerability

Should you find a vulnerability, please report it privately to me via [e-mail](mailto:paolostivanin@users.noreply.github.com).
The following is the workflow:
- security issue is found, an e-mail is sent to me
- within 24 hours I will reply to your e-mail with some info like, for example, whether it actually is a security issue and how serious it is
- within 7 days I will develop and ship a fix
- once the update is out I will open a [security advisory](https://github.com/paolostivanin/OTPClient/security/advisories)