# Security Policy

## Supported Versions

This project will always provide security fixes for the latest two released
versions. E.g. if the latest version is v0.28.x, then we will provide security
fixes for both v0.28.x and v0.27.y, but no later versions.

## Reporting a Vulnerability

In case you think to have found a security issue with libgit2, please do not
open a public issue.  Instead, you can report the issue to the private mailing
list [security@libgit2.com](mailto:security@libgit2.com). We will acknowledge
receipt of your message in at most three days and try to clarify further steps.