# Security Policy

## Supported Versions

Currently, the following versions of Articulate Rise Parser are supported with security updates:

| Version | Supported          |
| ------- | ------------------ |
| 1.0.x   | :white_check_mark: |
| < 1.0   | :x:                |

## Reporting a Vulnerability

We take the security of Articulate Rise Parser seriously. If you believe you have found a security vulnerability, please follow these steps:

1.  **Do not disclose the vulnerability publicly** - Please do not create a public GitHub issue for security vulnerabilities.
2.  **Email the details to [security+articulate-parser@kjanat.com]** - Include as much information as possible about the vulnerability.
3.  **Wait for a response** - We will acknowledge your email within 48 hours and provide an estimated timeline for a fix.
4.  **Work with us** - We may ask for additional information to help us understand and address the issue.

## What to Include in a Report

When reporting a vulnerability, please include:

-   A clear description of the issue
-   Steps to reproduce the vulnerability
-   The potential impact of the vulnerability
-   Any possible mitigations you've identified

## What to Expect

-   We will acknowledge receipt of your vulnerability report within 48 hours.
-   We will provide regular updates about our progress.
-   We will notify you when the vulnerability is fixed.
-   With your permission, we will include your name in the acknowledgments.

## Security Measures

This project follows these security practices:

-   Regular dependency updates via Dependabot
-   CodeQL security scanning
-   Automated testing for each pull request
-   Code review requirements for all changes