# Security Policy

## Supported Versions

All minor-incremented versions are 
supported - this means that "0.3.3" and "0.3.5" 
are considered the same version for general purposes. 
If a vulnerability exists specifically in one version
and was patched in another without announcement, go ahead
and send a SECURE contact. 

## Reporting a Vulnerability

If you are submitting something minor - that likely won't
affect users - you can submit it in Issues. This also includes
vulnerabilities which are already being exploited, as they
need urgent fixing.

If you are submitting a major vulnerability which is highly
likely to affect users if discovered, send an email to
the first author listed in the Cargo.toml authors list.
This is considered a "secure" contact. If you need further
security, encrypt the email using GPG. The current key
signature for this purpose is 4FCEF13594C787E1D80190AC23562CB7D56B039E.