The following table lists which versions of Yale3 are currently supported with security updates:

Only the latest stable version (2.2.0) and future patch updates (2.2.x) receive security patches. All versions below 2.2.0 are considered unsupported and should be upgraded.

If you discover a security vulnerability in Yale3, we strongly encourage responsible disclosure.

Please follow these steps to report a vulnerability:

1. Email us at: kartikaykaul13@gmail.com
   Use the subject line: Security Vulnerability - Yale3.

2. Include the following in your report:

   • A clear description of the vulnerability.
   • Steps to reproduce (if applicable).
   • Any potential impact or affected functionality.
   • Any suggestions for remediation (optional).

3. What to expect:

   • Acknowledgment within 48 hours.
   • Initial response or status update within 5 business days.
   • Notification of resolution and credit in the changelog (unless you request anonymity).

Please do not:

• Publish or publicly disclose details before we release a fix.
• Exploit the vulnerability to access or modify user data.
• Perform active testing on real users or production environments.

We deeply appreciate researchers and users who contribute to making Yale3 more secure.

Thank you!