# Security Policy

## Supported Versions

OpenSC releases are made roughly once a year, unless important security is discovered.

OpenSC does not release micro updates for previously released versions and does not
backport security fixes into them.

| Version  | Supported          |
| -------- | ------------------ |
| 0.20.0   | :white_check_mark: |
| < 0.20.0 | :x:                |

## Reporting a Vulnerability

If you discovered security vulnerability in supported version of OpenSC,
you can either fill an issue in [github](https://github.com/OpenSC/OpenSC/issues)
(note, that these issues are public!) or you can send email to any recently active
project developers frankmorgner(at)gmail.com, deengert(at)gmail.com and/or
jakuje(at)gmail.com .

You can expect update on the issue no later than in two weeks.