diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..3c2e4c60 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Supported Versions + +This is the list of versions of PurgeCSS which are currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.0.x | :white_check_mark: | +| < 5.0 | :x: | + +## Reporting a Vulnerability + +To report a vulnerability, please report it directly on GitHub. If you are not able to report it on GitHub, +you can send an email with the details to contact@full-human.com. The vulnerability report must include a +proof-of-concept of the exploit, or at least a few pointers that can help us assess the risk level. +Your report will be acknowledged within 2 business days.