# Security Policy

## Supported Versions

Currently, we are providing security updates for the latest release in the v1.x series:

| Version | Supported          |
| ------- | ------------------ |
| Latest v1.x  | :white_check_mark: |

## Reporting a Vulnerability

If you believe you have found an active security vulnerability in `libuv`, please report it to libuv-security@googlegroups.com. Please report all other issues on the github issue tracker. We have been forced to terminate the ability to use Github's private vulnerability reporting due to a flood of AI-generated report spam, and a lack of sufficient moderation tools to manage the false reports.

This will allow us to assess the risk and make a fix available before we add a bug report to the GitHub repository and issue a Github security advisory and assign a CVE.

Please do:

* Provide as much information as you can about the vulnerability.
* Provide details about your configuration and environment, if applicable.

Please do not:

* Post any information about the vulnerability in public places.
* Attempt to exploit the vulnerability yourself.

We take all security bugs seriously. Thank you for improving the security of `libuv`. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.