# Security Policy

## Supported Versions

| Version       | Supported          |
| ------------- | ------------------ |
| 1.4.2         | :white_check_mark: |
| < 1.4.2       | :x:                |

## Reporting a Vulnerability

Please report security vulnerabilities by email to `security@scikit-learn.org`.
This email is an alias to a subset of the scikit-learn maintainers' team.

If the security vulnerability is accepted, a patch will be crafted privately
in order to prepare a dedicated bugfix release as timely as possible (depending
on the complexity of the fix).

In addition to sending the report by email, you can also report security
vulnerabilities to [tidelift](https://tidelift.com/security).