Create security policy

j-bowhay · Sep 28, 2020 · 48eca06 · 48eca06
1 parent f9d2918
commit 48eca06
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,31 @@
+# Security Policy
+
+## Supported Versions
+
+The following table lists versions and whether they are supported. Security
+vulnerability reports will be accepted and acted upon for all supported
+versions.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.3.x   | :white_check_mark: |
+| 3.2.x   | :white_check_mark: |
+| 3.1.x   | :x:                |
+| 3.0.x   | :x:                |
+| 2.2.x   | :white_check_mark: |
+| < 2.2   | :x:                |
+
+## Reporting a Vulnerability
+
+If you have found a security vulnerability, in order to keep it confidential, 
+please do not report an issue on GitHub.
+
+Please email us details of the vulnerability at [email protected]; 
+include a description and proof-of-concept that is [short and
+self-contained](http://www.sscce.org/).
+
+You should expect a response within a week of your email. Depending on the 
+severity of the issue, this may require some time to draft an immediate bugfix
+release. Less severe issues may be held until the next release.
+
+We do not award bounties for security vulnerabilities.