# Security Policy

## Supported Versions

| Version          | Supported          |
| ---------------- | ------------------ |
| latest-release   | :white_check_mark: |
| *                | :x:                |

## Reporting a Vulnerability

Security issues in the Cutter repository should be reported by email to security@cutter.re. Your email will be delivered to a small security team that will handle the report. Your email will be acknowledged within 48 hours, and you'll receive a more detailed response to your email within 72 hours indicating the next steps in handling your report.

For your convenience, we accept reports written in one of the languages listed on our [security.txt](https://cutter.re/.well-known/security.txt) page, but we prefer reports in English.

If you have not received a reply to your email within 48 hours, or have not heard from the security team for the past week, there are a few steps you can take (in order):

- Directly contact [Itay Cohen](https://www.megabeets.net/about.html#contact) from the Security Team
- Inform the team over the [public chats](https://cutter.re/#community) that you sent a message regarding a security issue.

**Important:** Don't disclose any information regarding the issue itself in the public chats.

Please note that the Cutter Security team isn't handling security issues on the rizin repository.