If you discover a security vulnerability in any RazBuild project:

1. Do not disclose the vulnerability publicly.

2. Do not open a public GitHub issue.

3. Report the issue by email to: real.raz.dev@gmail.com

4. Include:

   • A description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Affected project and version

• Initial response within 48 hours.
• Valid reports will be investigated and addressed as quickly as possible.
• Security fixes may be released before full public disclosure.

Security updates are generally provided only for the latest stable release of each project.

Projects may define additional version-specific support policies in their own repositories.