Revise SECURITY.md for clarity and completeness

Updated the security policy to include details on supported versions and reporting vulnerabilities. Signed-off-by: 0xMRTT <0xMRTT@proton.me>
2026-04-06 16:16:54 +02:00
parent 3dc6a550c8
commit 77d5114f32
1 changed files with 39 additions and 0 deletions
@@ -0,0 +1,39 @@
+# Security Policy
+
+## Supported Versions
+
+Security updates are provided for:
+
+| Version | Supported |
+| ------- | --------- |
+| Latest stable release | ✅ |
+| `main` branch | ✅ |
+| Older releases | ❌ |
+
+## Reporting a Vulnerability
+
+Please do **not** report security issues in public GitHub issues, GitLab issues, Codeberg issues, discussions, or chats.
+
+Use one of the following private channels:
+
+1. **GitHub Private Vulnerability Reporting** (preferred):
+   - Open the repository Security tab
+   - Click **Report a vulnerability**
+2. If private reporting is unavailable on your platform mirror, contact the maintainers privately through the project maintainer contact listed on the main project pages.
+
+When reporting, include:
+
+- A clear description of the issue and impact
+- Steps to reproduce (or a proof of concept)
+- Affected versions/commit hashes
+- Any suggested mitigation
+
+## Disclosure Process
+
+- The maintainers will acknowledge new reports as soon as possible (target: within 7 days).
+- After validation, maintainers will work on a fix and coordinate a release.
+- Public disclosure should happen only after a fix is available, or after coordinated agreement with maintainers.
+
+## Scope
+
+This policy applies to the source code and official release artifacts of Bavarder.