Security: d-led/fret-flashcards

SECURITY.md

Security Policy

Supported Versions

We only support the latest version of Fret Flashcards. For security reasons, we strongly recommend that all users upgrade to the latest version as soon as possible.

Version      Supported
Latest       Yes
All others   No

Important: Older versions are not supported and will not receive security updates. Please upgrade to the latest version to ensure you have the most recent security patches and improvements.

Reporting a Vulnerability

We take security seriously and appreciate your efforts to responsibly disclose your findings. If you discover a security vulnerability in Fret Flashcards, please follow these guidelines:

How to Report

  1. DO NOT create a public GitHub issue for security vulnerabilities
  2. Email security reports to: [security@yourdomain.com] (replace with your actual security contact email)
  3. Include the following information in your report:
    • Description of the vulnerability
    • Steps to reproduce the issue
    • Potential impact
    • Any suggested fixes or mitigations

What to Expect

  • Acknowledgment: You will receive an acknowledgment within 48 hours
  • Initial Assessment: We will provide an initial assessment within 7 days
  • Regular Updates: We will provide updates on our progress at least every 30 days
  • Resolution Timeline: We aim to resolve critical vulnerabilities within 30 days, and other vulnerabilities within 90 days

Response Process

  1. Accepted: If the vulnerability is accepted, we will:
    • Work on a fix
    • Keep you updated on progress
    • Credit you in our security advisories (unless you prefer to remain anonymous)
    • Coordinate disclosure timing with you
  2. Declined: If the vulnerability is declined, we will:
    • Explain our reasoning
    • Provide guidance on whether it should be reported elsewhere

Scope

This security policy applies to:

  • The Fret Flashcards web application
  • Mobile applications (iOS)
  • All dependencies and third-party libraries
  • The build and deployment infrastructure

Out of Scope

The following are considered out of scope for security reporting:

  • Issues requiring physical access to the device
  • Social engineering attacks
  • Denial of service attacks
  • Issues in third-party services we don't control

Recognition

We believe in recognizing security researchers who help us improve our security posture. Contributors who follow responsible disclosure practices will be acknowledged in our security advisories and may be eligible for recognition in our project documentation.

Questions

If you have questions about this security policy or need clarification on any aspect of the reporting process, please don't hesitate to reach out to us at [security@yourdomain.com].


Note: This is a template security policy. Please update the contact email address and any other specific details to match your project's actual security contact information.