# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 3.3.x | :white_check_mark: |
| 2.1.x | :white_check_mark: |
| < 2.1.1 | :x: |
## Reporting a Vulnerability
**DO NOT** create a public GitHub issue for security vulnerabilities.
Instead, please report them via the following channels:
1. **Email:** bcollins@libjwt.io (PGP-encrypted mail preferred)
2. **GitHub Private Report:** Use the "Private Security Report" feature on this repository.
## What to Include
- Description of the vulnerability.
- Steps to reproduce the issue.
- Impact assessment (e.g., "Creates weak tokens").
- Suggested fix (optional).
## Response Timeline
- **Acknowledgement:** Within 48 hours.
- **Resolution:** Within 7 days for critical issues.
- **Disclosure:** Public advisory after the fix is released.