From 76680674855abe4146f6975d1c3f6b8c0b56e3a1 Mon Sep 17 00:00:00 2001 From: Teagan Glenn Date: Sat, 4 Oct 2025 05:01:18 -0600 Subject: [PATCH 1/4] Create SECURITY.md --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..034e848 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +## Reporting a Vulnerability + +Use this section to tell people how to report a vulnerability. + +Tell them where to go, how often they can expect to get an update on a +reported vulnerability, what to expect if the vulnerability is accepted or +declined, etc. From e81f4a6a679e9cc171763eae3d4814b8af4d8091 Mon Sep 17 00:00:00 2001 From: Teagan Glenn Date: Sat, 4 Oct 2025 05:02:08 -0600 Subject: [PATCH 2/4] Update SECURITY.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- SECURITY.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 034e848..7c3b927 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,9 +2,7 @@ ## Supported Versions -Use this section to tell people about which versions of your project are -currently being supported with security updates. - +The following table lists which versions of this project are currently supported with security updates. | Version | Supported | | ------- | ------------------ | | 5.1.x | :white_check_mark: | From 940012663e27b32856f83ef924876fc3a5159d68 Mon Sep 17 00:00:00 2001 From: Teagan Glenn Date: Sat, 4 Oct 2025 05:02:14 -0600 Subject: [PATCH 3/4] Update SECURITY.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- SECURITY.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7c3b927..5cbc041 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -3,12 +3,12 @@ ## Supported Versions The following table lists which versions of this project are currently supported with security updates. -| Version | Supported | -| ------- | ------------------ | -| 5.1.x | :white_check_mark: | -| 5.0.x | :x: | -| 4.0.x | :white_check_mark: | -| < 4.0 | :x: | +| Version | Supported | +| --------- | ------------------ | +| 2.3.1 | :white_check_mark: | +| 2.2.0 | :white_check_mark: | +| 2.1.0 | :x: | +| < 2.1.0 | :x: | ## Reporting a Vulnerability From e12a9ed08a0d2aad44f170cc917560594e815930 Mon Sep 17 00:00:00 2001 From: Teagan Glenn Date: Sat, 4 Oct 2025 05:02:21 -0600 Subject: [PATCH 4/4] Update SECURITY.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- SECURITY.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 5cbc041..c11bb64 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -12,8 +12,13 @@ The following table lists which versions of this project are currently supported ## Reporting a Vulnerability -Use this section to tell people how to report a vulnerability. +If you discover a security vulnerability in this project, please report it by emailing **security@example.com** with the subject line "Security Vulnerability Report". -Tell them where to go, how often they can expect to get an update on a -reported vulnerability, what to expect if the vulnerability is accepted or -declined, etc. +Please include as much detail as possible, including: +- A description of the vulnerability +- Steps to reproduce +- Potential impact + +We will acknowledge receipt of your report within **2 business days**. You can expect a status update within **7 business days**. We will keep you informed of our progress and may request additional information if needed. + +If the vulnerability is confirmed, we will work to resolve it as quickly as possible and will notify you when a fix is available. If the report is declined, we will provide a clear explanation.