# Security Policy

## Supported Versions

| Version | PHP | Laravel | Supported |
| ------- | --- | ------- | --------- |
| Current | 8.4 | 11.x    | ✅ Yes    |

## Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it by **opening a GitHub issue** with the label `security`.

For sensitive issues that shouldn't be disclosed publicly, contact the repository owner directly through GitHub.

### What to Include

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

### Response Timeline

- **Acknowledgment**: Within 48 hours
- **Initial Assessment**: Within 7 days
- **Fix/Update**: As soon as possible, depending on severity

## Security Best Practices for Contributors

- Never commit API keys, passwords, or tokens
- Use `.env` for all sensitive configuration
- Keep dependencies updated
- Follow Laravel security best practices
