SECURITY.md

# Security Policy

## Supported Versions

MemPalace follows semantic versioning. Security fixes land on the current major version line.

| Version            | Supported |
| ------------------ | --------- |
| 3.x (current)      | Yes       |
| 2.x and earlier    | No        |

## Reporting a Vulnerability

**Please do not report security vulnerabilities through public GitHub issues.**

We take the security of MemPalace seriously. If you believe you have found a security vulnerability, please report it privately using **GitHub Private Vulnerability Reporting**:

1. Open the [Security tab](https://github.com/MemPalace/mempalace/security) of this repository.
2. Click **Advisories** → **Report a vulnerability**.
3. Fill in the form with the details below.

### What to include in your report

- A descriptive summary of the vulnerability.
- Detailed steps to reproduce the issue (including any proof-of-concept scripts or specific file paths).
- The affected version(s) and platform(s).
- The potential impact and severity.

### What to expect

- We aim to acknowledge receipt within 48 hours.
- We will triage the issue and keep you updated on progress toward a patch.
- Once the vulnerability is resolved and an update is released, we will publish a security advisory and credit you for the discovery (if you wish to be credited).
Create SECURITY.md 2026-04-13 12:49:33 -04:00			`# Security Policy`

			`## Supported Versions`

docs: tighten SECURITY.md with real version policy and GHPVR-only channel 2026-04-14 11:50:00 -03:00			`MemPalace follows semantic versioning. Security fixes land on the current major version line.`
Create SECURITY.md 2026-04-13 12:49:33 -04:00
docs: tighten SECURITY.md with real version policy and GHPVR-only channel 2026-04-14 11:50:00 -03:00			`\| Version \| Supported \|`
			`\| ------------------ \| --------- \|`
			`\| 3.x (current) \| Yes \|`
			`\| 2.x and earlier \| No \|`
Create SECURITY.md 2026-04-13 12:49:33 -04:00
			`## Reporting a Vulnerability`

			`Please do not report security vulnerabilities through public GitHub issues.`

docs: tighten SECURITY.md with real version policy and GHPVR-only channel 2026-04-14 11:50:00 -03:00			`We take the security of MemPalace seriously. If you believe you have found a security vulnerability, please report it privately using GitHub Private Vulnerability Reporting:`

			`1. Open the [Security tab](https://github.com/MemPalace/mempalace/security) of this repository.`
			`2. Click Advisories → Report a vulnerability.`
			`3. Fill in the form with the details below.`

			`### What to include in your report`
Create SECURITY.md 2026-04-13 12:49:33 -04:00
docs: tighten SECURITY.md with real version policy and GHPVR-only channel 2026-04-14 11:50:00 -03:00			`- A descriptive summary of the vulnerability.`
			`- Detailed steps to reproduce the issue (including any proof-of-concept scripts or specific file paths).`
			`- The affected version(s) and platform(s).`
			`- The potential impact and severity.`
Create SECURITY.md 2026-04-13 12:49:33 -04:00
docs: tighten SECURITY.md with real version policy and GHPVR-only channel 2026-04-14 11:50:00 -03:00			`### What to expect`
Create SECURITY.md 2026-04-13 12:49:33 -04:00
docs: tighten SECURITY.md with real version policy and GHPVR-only channel 2026-04-14 11:50:00 -03:00			`- We aim to acknowledge receipt within 48 hours.`
			`- We will triage the issue and keep you updated on progress toward a patch.`
			`- Once the vulnerability is resolved and an update is released, we will publish a security advisory and credit you for the discovery (if you wish to be credited).`