# Security Policy The Argenta team takes security seriously. We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions. ## Supported Versions This table shows the versions of Argenta that are currently supported with security updates. | Version | Supported | |---------|-----------------| | 1.1.x | ✅ | | < 1.1 | ❌ | ## Reporting a Vulnerability If you believe you have found a security vulnerability in Argenta, please report it to us through one of the following methods: - **Email**: Send a detailed report to `kolo.is.main@gmailcom`. - **GitHub Security Advisories**: You can create a new security advisory directly in the Argenta repository. **Please do not report security vulnerabilities through public GitHub issues.** ### What to Include To help us understand and resolve the issue quickly, please include the following information in your report: - A clear and descriptive title. - The affected version(s) of Argenta. - A detailed description of the vulnerability. - Step-by-step instructions to reproduce the issue (a Proof-of-Concept). - The potential impact of the vulnerability. - Any suggested mitigations or fixes, if you have any. You can expect a response from us within 48 hours to acknowledge receipt of your report. ## Disclosure Process 1. Upon receiving a vulnerability report, we will assign it to a team member and begin our investigation. 2. We will confirm the vulnerability and determine its severity. 3. We will work on a patch to address the issue. 4. Once the patch is ready, we will coordinate with you to schedule a release and a public disclosure. We prefer to disclose vulnerabilities through a GitHub Security Advisory. 5. We will credit you for your discovery in the advisory, unless you prefer to remain anonymous. ## Security Best Practices As a user of Argenta, we recommend the following best practices to keep your application secure: - Always use the latest version of Argenta. - Regularly scan your project's dependencies for known vulnerabilities. - If your application handles sensitive data, ensure it is stored and transmitted securely. ## Bug Bounty Program Currently, we do not have a formal bug bounty program. However, we deeply appreciate the work of security researchers and may offer non-monetary recognition for significant contributions.