# Security Policy

## Reporting a Vulnerability

**Do not open a GitHub or Codeberg issue for security vulnerabilities.**

Email: `security@circuitforge.tech`

Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fix (optional)

**Response target:** 72 hours for acknowledgement, 14 days for triage.

We follow responsible disclosure — we will coordinate a fix and release before any
public disclosure and will credit you in the release notes unless you prefer to remain
anonymous.

## Supported Versions

| Version | Supported |
|---------|-----------|
| Latest release | ✅ |
| Older releases | ❌ — please upgrade |