From d168fffb12a5035abb29dc111fbc3f7e60f44607 Mon Sep 17 00:00:00 2001 From: Josh Holmer Date: Tue, 22 Apr 2025 01:02:50 -0400 Subject: [PATCH] Create security policies document Github recommends to create a SECURITY.md file containing security policies for the project. I've also enabled in-project vulnerability reporting, and linked to it in this file. --- SECURITY.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..f338c471 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +## Supported Versions + +Only the latest version will be supported with security updates. We will not maintain old branches. +For this reason, you should attempt to always use the latest released version. + +## Reporting a Vulnerability + +To privately report a vulnerability in oxipng, please visit [our advisories page](https://github.com/shssoichiro/oxipng/security/advisories) and use the button to report a vulnerability. +We will review it as soon as possible. + +For vulnerabilities in dependencies, please open a pull request updating the dependency to a patched version.