From a641d3c408a10835da841daab68929b41b8fba10 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Thu, 13 Nov 2025 06:14:11 -0500 Subject: [PATCH 1/3] docs: update security policy for OWASP Java Encoder --- SECURITY.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..99edee1 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Supported Versions + +Only the currently released version of the OWASP Java Encoder is supported. + +| Version | Supported | +| ------- | ------------------ | +| 1.3.1 | :white_check_mark: | +| < 1.3.1 | :x: | + +## Reporting a Vulnerability + +If you suspect that there is a vulnerability, please open an issue. From 2e44c9c3556651b0df94418e01ffc8c09c1ccb7b Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Thu, 13 Nov 2025 06:16:46 -0500 Subject: [PATCH 2/3] Update SECURITY.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 99edee1..18976f0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -11,4 +11,4 @@ Only the currently released version of the OWASP Java Encoder is supported. ## Reporting a Vulnerability -If you suspect that there is a vulnerability, please open an issue. +If you suspect that there is a vulnerability, please report it privately using GitHub's [Security Advisories](https://github.com/OWASP/owasp-java-encoder/security/advisories/new) or email security@owasp.org. From bb393861a49f8d13e12579049908d15723f01213 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Thu, 13 Nov 2025 06:17:23 -0500 Subject: [PATCH 3/3] Apply suggestions from code review --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 18976f0..f97550f 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -11,4 +11,4 @@ Only the currently released version of the OWASP Java Encoder is supported. ## Reporting a Vulnerability -If you suspect that there is a vulnerability, please report it privately using GitHub's [Security Advisories](https://github.com/OWASP/owasp-java-encoder/security/advisories/new) or email security@owasp.org. +If you suspect that there is a vulnerability, please report it privately using GitHub's [Security Advisories](https://github.com/OWASP/owasp-java-encoder/security/advisories/new).
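Review bot: In patch 1/3, the Supported Versions table hard-codes `1.3.1` and `< 1.3.1`, so SECURITY.md will be wrong after the next release unless someone remembers to edit it. The sentence above the table already says that only the currently released version is supported. Either drop the table or add the file to the release checklist. In the same hunk, the reporting line asks reporters to "please open an issue", which is public. Patch 2/3 replaces it, so squashing the series would keep that instruction out of the file's history. The subject also says "update" while the diff creates SECURITY.md as a new file.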
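Review bot: In patch 3/3, removing "or email security@owasp.org" from the reporting line leaves the GitHub Security Advisories form as the only private channel. That form requires a GitHub account and works for outside reporters only when private vulnerability reporting is enabled on the repository. Please confirm that setting is on, and consider stating a fallback for reporters who cannot use the form. The commit message "Apply suggestions from code review" does not say why the address added in 2/3 was dropped; a one-line reason would help later readers.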