# Security Policy## Supported VersionsThis project will always provide security fixes for the latest two releasedversions. E.g. if the latest version is v0.28.x, then we will provide securityfixes for both v0.28.x and v0.27.y, but no later versions.## Reporting a VulnerabilityIn case you think to have found a security issue with libgit2, please do notopen a public issue. Instead, you can report the issue to the private mailinglist [security@libgit2.com](mailto:security@libgit2.com). We will acknowledgereceipt of your message in at most three days and try to clarify further steps.