1# Security Policy 2 3## Supported Versions 4 5Security fixes are not back-ported. Please make sure you are running at least the latest [release version](https://jsoup.org/download) of jsoup. 6 7Please remember that jsoup is an Open Source library and is provided without any warranty. Before using jsoup in a critical environment, you should satisfy yourself that it works correctly and securely for your needs. 8 9## Reporting a Vulnerability 10 11If you believe or suspect you have identified a security vulnerability, please [report it](https://github.com/jhy/jsoup/security/advisories) 12via the "Report a Vulnerability" button in Security Advisories. 13([Details](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability)) 14 15We follow [Coordinated Disclosure](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/about-coordinated-disclosure-of-security-vulnerabilities) practices and ask that you do too. 16 17Please provide as much detail as possible in your report, including the steps to reproduce the vulnerability and sample code. 18 19Alternatively to using GitHub, or if you have a security question, please email `[email protected]`. 20 21## Fixing Vulnerabilities 22 23We take all vulnerability reports seriously and strive to fix them as quickly as possible. Once we receive a report, we will verify the vulnerability and its impact. We will then work to develop and test a fix for the vulnerability, and release it as soon as possible. 24