# Security Policy

We at Cyr-To-Lat take the security of our software products and services seriously, including all source code repositories managed through our GitHub organizations.

If you believe you have found a security vulnerability in our repository, please report it to us as described below.

## Where do I report security bugs found in this plugin?

Please report security vulnerabilities by email to:

**security@kagg.eu**

When reporting a vulnerability, please include as much information as possible to help us reproduce and investigate the issue, such as:

- A clear description of the vulnerability
- Steps to reproduce
- Proof-of-concept or exploit code (if available)
- Affected versions

We will review your report and respond as quickly as possible.

**Please do not report security vulnerabilities through public GitHub issues.**

## Responsible Disclosure

We kindly ask that you:

- Give us a reasonable amount of time to investigate and fix the issue before public disclosure
- Avoid exploiting the vulnerability beyond what is necessary to demonstrate it

## Preferred Languages

We prefer all communications to be in English.

## Supported Versions

Generally, *only the latest version of Cyr-To-Lat is actively supported*. If a critical vulnerability is found, we may choose to backport fixes to previous versions at our discretion.