Security: dodoflix/DisableVillagerTrade

SECURITY.md

Security Policy

Supported Versions

Version     Supported
Latest      Yes
< Latest    No

We only provide security updates for the latest version of the plugin. Please ensure you're running the most recent release.

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to Report

  1. Do NOT open a public GitHub issue for security vulnerabilities
  2. Instead, please report vulnerabilities via one of these methods:

What to Include

When reporting a vulnerability, please include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any suggested fixes (if available)

Response Timeline

  • Initial Response: Within 48 hours
  • Status Update: Within 7 days
  • Resolution: Depends on severity and complexity

After Reporting

  1. We will acknowledge receipt of your report
  2. We will investigate and validate the vulnerability
  3. We will work on a fix and coordinate disclosure timing with you
  4. Once fixed, we will release a security update
  5. We will publicly acknowledge your contribution (unless you prefer anonymity)

Security Best Practices

When using this plugin:

  1. Keep Updated: Always use the latest version
  2. Permissions: Only grant disabletrade.bypass to trusted staff
  3. Server Security: Follow general Minecraft server security practices
  4. Configuration: Review your config.yml settings regularly

Scope

This security policy covers:

  • The DisableVillagerTrade plugin code
  • Configuration handling
  • Permission system

This policy does not cover:

  • Third-party plugins or modifications
  • Server software vulnerabilities (Spigot, Paper, etc.)
  • Minecraft client vulnerabilities

Recognition

We appreciate security researchers who help keep our plugin safe. Contributors who report valid vulnerabilities will be:

  • Credited in the release notes (if desired)
  • Added to our security acknowledgments

Thank you for helping keep DisableVillagerTrade secure! 🛡️

There aren’t any published security advisories