# Security Policy

## Supported Versions

Only the latest released version of TimeDate receives security fixes.

| Version | Supported |
| ------- | --------- |
| latest  | Yes       |
| older   | No        |

## Reporting a Vulnerability

TimeDate handles date/time string parsing and may be used to process untrusted
input. If you discover a security vulnerability, **please do not report it
publicly** via a GitHub issue.

Instead, report it privately using one of these methods:

- **GitHub private vulnerability reporting**: use the
  [Security Advisory](https://github.com/cpan-authors/TimeDate/security/advisories/new)
  form on GitHub (preferred).
- **Email**: contact the maintainer directly. You can find contact details on
  the [CPAN author page for ATOOMIC](https://metacpan.org/author/ATOOMIC).

Please include as much detail as possible:

- A description of the vulnerability
- Steps to reproduce or a minimal proof-of-concept
- The potential impact

## Disclosure Policy

- We will acknowledge receipt of your report within **5 business days**.
- We aim to provide an assessment and a fix timeline within **14 days**.
- We will coordinate public disclosure with you after a fix is available.

This project follows the guidelines described at
<https://security.metacpan.org/docs/guides/security-policy-for-authors.html>.