# Security Policy

## Supported Versions

We actively support the current 0.1.x beta release series with security updates.

| Version | Supported            |
| ------- | -------------------- |
| 0.1.x   | :white_check_mark:   |
| < 0.1   | :x:                  |

## Reporting a Vulnerability

We take the security of Mermin seriously. If you believe you have found a security vulnerability, please report it to us as described below.

### Reporting Process

**Please do not report security vulnerabilities through public GitHub issues.**

Instead, please report them by opening a [GitHub Security Advisory](https://github.com/elastiflow/mermin/security/advisories/new).

Please include the following information in your report:

* Type of vulnerability (e.g., privilege escalation, information disclosure, eBPF verifier bypass, denial of service, etc.)
* Full paths of source file(s) related to the manifestation of the vulnerability
* The location of the affected source code (tag/branch/commit or direct URL)
* Any special configuration required to reproduce the issue
* Step-by-step instructions to reproduce the issue
* Proof-of-concept or exploit code (if possible)
* Impact of the issue, including how an attacker might exploit it

This information will help us triage your report more quickly.

### What to Expect

* We will acknowledge receipt of your vulnerability report within 5 business days.
* We will send a more detailed response within 10 business days indicating the next steps in handling your report.
* We will keep you informed about the progress toward a fix and full announcement.
* We may ask for additional information or guidance.

### Disclosure Policy

We follow coordinated disclosure:

* We will work with you to understand and resolve the issue quickly.
* We request that you give us a reasonable amount of time to address the vulnerability before public disclosure.
* Once the vulnerability is patched, we will publish a security advisory on GitHub.
* We will credit you in the advisory unless you prefer to remain anonymous.

Thank you for helping keep Mermin and the community safe!
