# Security Policy

## Supported Versions

SimpleOTP packages have their versioning system in sync with .NET versions. That means that for each active .NET version there will be a corresponding major version of the packages.

We regularly run security audits and fix any security issues that are found. If you find a security issue, please report it to us as described below.

## .NET support

We support all active .NET versions until the end of their lifecycle. We do not support .NET versions that reached their end of support. That means that at a time there're can be at max three versions of .NET that are being supported (LTS, active, and preview or next LTS).

> [!IMPORTANT]
Support of .NET preview versions is not guaranteed and is to be announced.

> [!IMPORTANT]
.NET Core, .NET Standard and other .NET editions existing prior to .NET 5 are not and will not be supported

## Reporting a Vulnerability
If you found any vulnerability, please tell us on opensource@xfox111.net. You'll get all updates on a reported issue, unless you stated it in the message

Please, **do not open an issue for an vulnerability**, unless you've been told to do so by project maintainers