# Security Policy

## Reporting a vulnerability

Please do not open a public GitHub issue for an undisclosed security
vulnerability. Use GitHub private vulnerability reporting in the Security tab of this project instead.

When reporting a vulnerability, include:

- the affected parsedmarc version or commit
- the component or integration involved
- clear reproduction details if available
- potential impact
- any suggested mitigation or workaround

## Supported versions

Security fixes will be applied to the latest released version and
the current `master` branch.

Older versions will not receive backported fixes.

## Disclosure process

After a report is received, maintainers can validate the issue, assess impact,
and coordinate a fix before public disclosure.

Please avoid publishing proof-of-concept details until maintainers have had a
reasonable opportunity to investigate and release a fix or mitigation.