# Security Policy

## Supported Versions

The following list describes whether a version is eligible or not for security updates.

| Version | Supported          | EOL         |
|---------|--------------------|-------------|
| 3.6.x   | :white_check_mark: | -           |
| 3.5.x   | :x:                | 31-Mar-2024 |
| 3.4.1   | :white_check_mark: | 31-May-2024 |
| 3.4.0   | :x:                | 29-Feb-2024 |
| 3.3.x   | :x:                | 29-Feb-2024 |
| 3.2.x   | :x:                | 31-Jan-2024 |
| 3.1.x   | :x:                | 30-Nov-2023 |
| 3.0.x   | :x:                | 31-Dec-2022 |
| 2.6.x   | :x:                | 15-Jan-2023 |
| 2.5.x   | :x:                | 31-Aug-2022 |
| 2.4.x   | :x:                | 15-May-2022 |
| 2.3.x   | :x:                | 28-Feb-2021 |
| 2.2.x   | :x:                | 27-May-2020 |
| 2.1.x   | :x:                | 20-Apr-2020 |
| 2.0.x   | :x:                | 08-Mar-2020 |
| 1.5.x   | :x:                | 31-Mar-2020 |
| < 1.5.0 | :x:                | 27-Jun-2019 |

## Reporting a Vulnerability

In case you should find a vulnerability, please report it privately to me via [e-mail](mailto:info@paolostivanin.com).
The following is the workflow:
- security issue is found, an e-mail is sent to me
- within 24 hours I will reply to your e-mail with some info like, for example, whether it actually is a security issue and how serious it is
- within 7 days I will develop and ship a fix
- once the update is out I will open a [security advisory](https://github.com/paolostivanin/OTPClient/security/advisories)