From 0f58d32bede3bd61423e082cd76e7995bcdf92f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Elias=20H=C3=B6rner?= Date: Sun, 12 Apr 2026 11:36:31 +0200 Subject: [PATCH] Add SECURITY.md --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..5847ed44 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +The used version scheme is `YYYY.N.P` consisting of the year of the major release, a consecutive major release number (`N`, starting at 1) and a consecutive patch number (`P`, starting at 0). At any time, only the *most recent* major release will receive security-relevant patches or bug fixes. This is shown in the following example: + +``` + | 2025.1.0 released with new features + | 2025.1.1 released with a bug fix + | 2025.2.0 released with new features + | + | * A vulnerability is discovered in 2025.1.x and 2025.2.x * + | + | 2025.2.1 released with security fix -> NO fix for 2025.1.x +``` + +## Reporting a Vulnerability + +**Do not report security vulnerabilities using GitHub issues!** + +If you found a security vulnerability, please contact `security@turnierplan.net`.