diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 000000000..5ed26fa5f --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,22 @@ +# Security Policy + +## Supported Versions + +With some exceptions, only the latest minor version (4.x), currently receive patches for security vulnerabilities. +The previous minor version _might_ be patched if the fix is simple. No update shall be done to previous major version (aka 3.x) or previous minor releases at this time. + +## Reporting a Vulnerability + +Please report (suspected) security vulnerabilities to the main contributors (listed below) by contacting us directly or on [Chat](https://chat.userfrosting.com). +If you have a fix, don't hesitate to explain or attach it. Using the issue system should be avoided for suspected security vulnerabilities. +We'll try our best to reply in due time. If the issue is confirmed, we will see to release a patch as soon as possible depending on complexity. + +### Main contributors: +- [@alexweissman](https://github.com/alexweissman) +- [@lcharette](https://github.com/lcharette) - louis@bbqsoftwares.com +- [@Silic0nS0ldier](https://github.com/Silic0nS0ldier) + +## Comments on this Policy + +If you have suggestions on how this process could be improved please submit a +pull request.
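Review bot: The "Reporting a Vulnerability" section gives reporters no clearly private channel. Only one of the three main contributors has an e-mail address listed, and the text does not say whether a report made on Chat should go in a direct message rather than a shared room. Since the policy already steers people away from the issue system, I would list a private contact for every contributor, or a single dedicated security address, and state that Chat reports should be sent as private messages. Under "Supported Versions", "only the latest minor version (4.x)" is ambiguous because 4.x names a whole major series, not one minor release; naming the supported line explicitly would remove the doubt, and "currently receive" should be "currently receives". "We'll try our best to reply in due time" would also be more useful to reporters with a concrete acknowledgement window.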