Fix: #2978 - add SECURITY.md

1 files changed, 35 insertions, 0 deletions

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..227d870432
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,35 @@
+# Security Policy
+
+## Supported Versions
+
+The latest versions of the 1.7 and 2.0 branches are supported for security issues.
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+**Please do not report security vulnerabilities on the project forum.**
+
+Security issues should be reported directly to the project maintainer,
+[Greg Roach](mailto:greg@subaqua.co.uk).
+
+## Timescales
+
+You should expect an acknowledgement within 24 hours.
+
+Remember that not all emails get delivered, and that some parts of the world do
+not have internet access.
+If you do not get a reply, please send a follow-up email.
+If there is still no reply, try to make contact through the project forum
+at www.webtrees.net
+
+Depending on the complexity and severity of the issue, I will aim to publish
+a fix within 2-7 days.
+
+## Disclosure
+
+Please wait for the fix to become available before publishing details of the issue.
+
+## Attribution
+
+If you would like to be credited for your discovery, please say so.