diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..5847ed44 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +The used version scheme is `YYYY.N.P` consisting of the year of the major release, a consecutive major release number (`N`, starting at 1) and a consecutive patch number (`P`, starting at 0). At any time, only the *most recent* major release will receive security-relevant patches or bug fixes. This is shown in the following example: + +``` + | 2025.1.0 released with new features + | 2025.1.1 released with a bug fix + | 2025.2.0 released with new features + | + | * A vulnerability is discovered in 2025.1.x and 2025.2.x * + | + | 2025.2.1 released with security fix -> NO fix for 2025.1.x +``` + +## Reporting a Vulnerability + +**Do not report security vulnerabilities using GitHub issues!** + +If you found a security vulnerability, please contact `security@turnierplan.net`.
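Review bot: The "Reporting a Vulnerability" section at the end of the hunk gives only the address `security@turnierplan.net`, so a reporter does not know what to include, when to expect an acknowledgement, or how disclosure will be coordinated. Suggest adding what a report should contain (affected version in the `YYYY.N.P` scheme, reproduction steps, impact), an expected response window, and a way to send sensitive details confidentially, for example a published PGP key or GitHub's private vulnerability reporting, since the section already steers reporters away from public issues. In "Supported Versions", the text says `N` is "starting at 1" but does not say whether it restarts with each new year. It would also help to state explicitly that users of an older major release must upgrade to receive a fix, as the example's `NO fix for 2025.1.x` implies.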