Add security policy for Pleroma backend
authorrinpatch <rinpatch@sdf.org>
Fri, 7 Aug 2020 18:25:16 +0000 (21:25 +0300)
committerrinpatch <rinpatch@sdf.org>
Fri, 7 Aug 2020 18:27:15 +0000 (21:27 +0300)
Closes #1848

SECURITY.md [new file with mode: 0644]

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644 (file)
index 0000000..c212a25
--- /dev/null
@@ -0,0 +1,16 @@
+# Pleroma backend security policy
+
+## Supported versions
+
+Currently, Pleroma offers bugfixes and security patches only for the latest minor release.
+
+| Version | Support 
+|---------| --------
+| 2.0     | Bugfixes and security patches
+
+## Reporting a vulnerability
+
+Please use confidential issues (tick the "This issue is confidential and should only be visible to team members with at least Reporter access." box when submitting) at our [bugtracker](https://git.pleroma.social/pleroma/pleroma/-/issues/new) for reporting vulnerabilities.
+## Announcements
+
+New releases are announced at [pleroma.social](https://pleroma.social/announcements/). All security releases are tagged with ["Security"](https://pleroma.social/announcements/tags/security/). You can be notified of them by subscribing to an Atom feed at <https://pleroma.social/announcements/tags/security/feed.xml>.