Revise security policy and reporting guidelines

vitorhugo-java · web-flow · commit c90fd4b8bf6e · 2026-03-20T11:20:45.000-03:00
Updated the security policy to include new version support and improved reporting instructions for vulnerabilities.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,36 @@
+# Security Policy
+
+## Supported Versions
+
+We actively provide security updates for the following versions of this project. If you are using an older version, we strongly recommend upgrading to the latest release.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.1.x   | :white_check_mark: |
+| 1.0.x   | :x:                |
+| < 1.0   | :x:                |
+
+## Reporting a Vulnerability
+
+**Do not open a GitHub Issue for security vulnerabilities.**
+
+If you discover a potential security flaw in this project, please report it privately. We appreciate your help in keeping this project secure for everyone.
+
+### How to report
+Please send an email to **[YOUR_EMAIL@EXAMPLE.COM]** with the following details:
+
+1. **Description:** A detailed description of the vulnerability.
+2. **Steps to Reproduce:** A proof of concept or step-by-step instructions to reproduce the issue.
+3. **Impact:** What could an attacker do if they exploit this?
+4. **Environment:** Version of the app, OS, and any specific configurations.
+
+### Our Response Process
+- **Acknowledgement:** You will receive a response within 48 hours acknowledging your report.
+- **Investigation:** We will investigate the issue and keep you updated on the progress.
+- **Fix:** Once a fix is ready, we will release a new version and, if applicable, credit you for the discovery (unless you prefer to remain anonymous).
+
+## Preferred Communication
+We prefer all security-related communication to be in **English** or **Portuguese**.
+
+---
+*Thank you for helping us keep this project safe!*
