We take security seriously and will actively address security vulnerabilities in the following versions of our project:

| Version | Supported |
|---|---|
| 1.x | ✅ |
| 0.x | ❌ |

Only the latest major version of the project is supported. Older versions may not receive security updates.
If you discover a security vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. Please do the following:
- Do not open an issue: Security vulnerabilities should not be reported in the issue tracker. Instead, send an email to security@spinncreative.co.uk with the following details:
  - A description of the vulnerability and where it was discovered.
  - Steps to reproduce the vulnerability.
  - Any potential impact the vulnerability may have.
- Include relevant information: To help us address the issue efficiently, please include as much information as possible. If you can, provide a proof of concept, screenshots, or logs that demonstrate the vulnerability.
- Keep your discovery confidential: Please keep the details of any discovered vulnerabilities confidential until we can address them. This will help prevent the vulnerability from being exploited before it is resolved.
Upon receiving your report, we will:
- Acknowledge receipt: We will respond to your report within 48 hours to acknowledge that we have received it and are investigating the issue.
- Investigate: Our team will investigate the vulnerability and assess its impact.
- Mitigation: We will develop a fix for the vulnerability. This may involve patching the software or providing guidance to mitigate the issue.
- Release: Once the fix is ready, we will release it in a new version of the software. We may also publish a security advisory to notify users of the issue and the steps taken to resolve it.
- Public Disclosure: After the issue has been resolved, we will publicly disclose the vulnerability and credit the reporter, if desired.
We follow a responsible disclosure process. We ask that you:
- Allow us a reasonable amount of time to address the vulnerability before making any information public.
- Avoid engaging in any activities that could harm our users, including exploiting the vulnerability.
- Refrain from accessing, modifying, or deleting data that does not belong to you.
If you have any questions about this security policy, or you want to report a security issue, please contact us at security@spinncreative.co.uk.
Thank you for helping to keep our project and community safe!