From 3b2128da83f31461d51683a8c6a626ff92461401 Mon Sep 17 00:00:00 2001 From: PJ Fanning Date: Mon, 14 Mar 2022 20:51:48 +0100 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..8da6766 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Supported Versions + +By default, only the latest version of the library is supported. Security patches may be backported to older versions, but only in exceptional circumstances. + +## Reporting a Vulnerability + +* Suspected security vulnerabilities should not be discussed publicly. Do not open an issue using the normal issue tracker. +* Create your own fork of this project +* Create a [Security Advisory](https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory) in your fork. Do not worry about getting all the settings correct initially. +* [Grant access](https://docs.github.com/en/code-security/security-advisories/adding-a-collaborator-to-a-security-advisory) to my username (pjfanning) so that I can see the description of the issue and comment. +* If I accept that there is a vulnerability, I move the Security Advisory to this project and add all the parties from the fork advisory as collaborators. +* I will try to get a fix, a release and CVE assignment done as quickly as I can.
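Review bot: In the "Reporting a Vulnerability" list, the step "Create your own fork of this project" does not say that the vulnerability details must stay inside the advisory draft. Since the first bullet forbids public discussion, add a sentence telling reporters not to push proof-of-concept code or descriptive commits to the fork's branches and not to open issues on the fork. The same list gives a single contact path (the username pjfanning) and no acknowledgement timeframe beyond "as quickly as I can", so consider naming a fallback private contact and an expected response window. Minor style: the second bullet lacks the terminal period the other bullets have, and "I move the Security Advisory to this project" would read more consistently as "I will move", matching "I will try" in the last bullet.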