# Security Policy

## Supported Versions

Only the latest release of proj4js receives security fixes.

| Version | Supported |
|---------|-----------|
| latest  | ✅        |
| older   | ❌        |

## Reporting a Vulnerability

Please **do not** report security vulnerabilities through public GitHub issues.

Instead, use [GitHub private vulnerability reporting](https://github.com/proj4js/proj4js/security/advisories/new) to submit a report confidentially. This allows us to assess and address the issue before any public disclosure.

Please include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a minimal proof-of-concept
- Any suggested mitigations, if known

We will acknowledge the report within 7 days and aim to release a fix within 90 days, following responsible disclosure practices.