From d62fa391cab9a5476a9fddb07a31ab0be50b8ac4 Mon Sep 17 00:00:00 2001
From: Greg Roach <fisharebest@webtrees.net>
Date: Fri, 24 Jan 2020 12:03:11 +0000
Subject: Fix: #2978 - add SECURITY.md

---
 SECURITY.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 SECURITY.md

(limited to 'SECURITY.md')

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..227d870432
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,35 @@
+# Security Policy
+
+## Supported Versions
+
+The latest versions of the 1.7 and 2.0 branches are supported for security issues.
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+**Please do not report security vulnerabilities on the project forum.**
+
+Security issues should be reported directly to the project maintainer,
+[Greg Roach](mailto:greg@subaqua.co.uk).
+
+## Timescales
+
+You should expect an acknowledgement within 24 hours.
+
+Remember that not all emails get delivered, and that some parts of the world do
+not have internet access.
+If you do not get a reply, please send a follow-up email.
+If there is still no reply, try to make contact through the project forum
+at www.webtrees.net
+
+Depending on the complexity and severity of the issue, I will aim to publish
+a fix within 2-7 days.
+
+## Disclosure
+
+Please wait for the fix to become available before publishing details of the issue.
+
+## Attribution
+
+If you would like to be credited for your discovery, please say so.
-- 
cgit v1.3