# Security Policy

## Reporting a Vulnerability
If you discover a potential security vulnerability in **WFGY**, please report it responsibly:
1. **Email**: hello@onestardao.com (subject: “[WFGY Security]”)
2. **Telegram**: Message @PSBigBig with subject “[WFGY Security]” (avoid posting sensitive details in public chats).
3. **GitHub Private Issue**: If private issues are enabled, open a private issue titled “[Security] WFGY Vulnerability”.  
Please do **not** disclose detailed vulnerability information in public issue or forum posts to prevent exploitation before a fix is released.

Maintainers will respond within 1–2 business days to acknowledge receipt and discuss next steps.

## Response Process
- Upon receiving a report, maintainers will confirm and follow up with you privately.
- A fix will be prepared and released in a new version; the Release Notes will describe the security fix.
- If applicable, maintainers will assist with assigning a CVE and coordinate disclosure timing.

## Supported Versions
- Detail which versions are supported with security fixes. Example:
  - “Security fixes will be backported to the latest minor release branch for versions >= 1.0.”
- If you only support the latest release, state that clearly.

## Contact
- Email: hello@onestardao.com  
- Telegram: @PSBigBig  
- GitHub Advisory: https://github.com/onestardao/WFGY/security/advisories (enable this if desired)