Merge pull request #1365 from urfave/security-policy-doc

Add a security policy document
2022-05-22 09:53:13 -04:00
parent 60a6bf5866 32be625ece
commit 939ab7f9e7
2 changed files with 33 additions and 5 deletions
--- a/docs/SECURITY.md
+++ b/docs/SECURITY.md
@@ -0,0 +1,27 @@
+# Security Policy
+
+Hello and thank you for your interest in the `urfave/cli` security
+policy! :tada: :lock:
+
+## Supported Versions
+
+| Version      | Supported                             |
+| ------------ | ------------------------------------- |
+| `>= v2.3.x`  | :white_check_mark:                    |
+| `< v2.3`     | :x:                                   |
+| `>= v1.22.x` | :white_check_mark: :lady_beetle: [^1] |
+| `< v1.22`    | :x:                                   |
+
+## Reporting a Vulnerability
+
+Please disclose any vulnerabilities by sending an email to:
+
+[urfave-security@googlegroups.com](mailto:urfave-security@googlegroups.com)
+
+You should expect a response within 48 hours and further
+communications to be decided via email. The `urfave/cli` maintainer
+team comprises volunteers who contribute when possible, so please
+have patience :bow:
+
+[^1]: The `v1.22.x` series will receive bug fixes and security
+  patches only.