Create security policies document

Github recommends to create a SECURITY.md file containing security policies for the project. I've also enabled in-project vulnerability reporting, and linked to it in this file.
This commit is contained in:
Josh Holmer 2025-04-22 01:02:50 -04:00
parent 748d5987a5
commit d168fffb12

13
SECURITY.md Normal file
View file

@ -0,0 +1,13 @@
# Security Policy
## Supported Versions
Only the latest version will be supported with security updates. We will not maintain old branches.
For this reason, you should attempt to always use the latest released version.
## Reporting a Vulnerability
To privately report a vulnerability in oxipng, please visit [our advisories page](https://github.com/shssoichiro/oxipng/security/advisories) and use the button to report a vulnerability.
We will review it as soon as possible.
For vulnerabilities in dependencies, please open a pull request updating the dependency to a patched version.