meta: add security policy

qexat · Apr 24, 2024 · deeed79 · deeed79
1 parent ef346f4
commit deeed79
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+As a rule of thumb, check the major number of the current release.
+Any major number less than that should be considered unsupported *unless* there is an incentive to support it (such as high(er) popularity/use).
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.x.x   | :white_check_mark: |
+| < 2.0   | :x:                |
+
+> [!NOTE]
+> If you have a critical project that depends on a vulnerable, unsupported version such that you cannot upgrade,
+> please contact me so that we can make arrangements to provide a patch. However, this will not be free of charge.
+
+## Reporting a Vulnerability
+
+If you think you have found a security vulnerability, please contact contact@qexat.com.
+If you haven't gotten any response in the following 7 days, please reach me out on Discord at `qexat`.
+
+## Not sure if this is a Vulnerability
+
+If you found a bug and are uncertain about whether it constitutes a vulnerability or not, please contact me anyway.
+We will discuss if it is one, and if you can report the bug via the usual tracker.