# Security Policy — ${REPO_NAME}

## Reporting a Vulnerability

**Do NOT open a public issue for security vulnerabilities.**

Instead, please report vulnerabilities privately:

1. Email: **security@hiddenden.cafe** (preferred)
2. Or use the Gitea "Security" issue template which reminds reporters to use private channels.

Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)

We aim to acknowledge reports within **48 hours** and provide a fix or mitigation plan
within **7 days** for critical issues.

## Supported Versions

| Version | Supported |
| ------- | --------- |
| latest  | Yes       |

## Security Scanning

This repository optionally runs automated security scanning via Gitea Actions.
To enable it, set `ENABLE_SECURITY=true` in `.ci/config.env`.
See [docs/SECURITY.md](docs/SECURITY.md) for details.