Create SECURITY.md for security policy #30
Add a security policy document outlining supported versions and vulnerability reporting.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: afe4102081
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| Use this section to tell people how to report a vulnerability. | ||
|
|
||
| Tell them where to go, how often they can expect to get an update on a | ||
| reported vulnerability, what to expect if the vulnerability is accepted or |
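Review bot: the "Reporting a Vulnerability" text in this hunk is still the unedited template placeholder ("Use this section to tell people how to report a vulnerability." / "Tell them where to go, how often they can expect to get an update...") rather than a process a researcher can follow. Replace it with the private channel reporters should use (for example GitHub's private vulnerability reporting on this repository, or a dedicated security mailbox), an explicit request not to open public issues or pull requests for suspected security bugs, and the acknowledgement and status-update cadence the maintainers commit to, so the paragraph answers the template's prompts instead of repeating them.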
Provide an actual vulnerability reporting process
This section is still template text and does not provide any concrete reporting channel (for example, a security email, private intake form, or disclosure workflow), so external researchers have no safe way to report vulnerabilities and may either disclose publicly or not report at all. That undermines the purpose of adding SECURITY.md and creates operational risk when a real issue is found.
| | 5.1.x | :white_check_mark: | | ||
| | 5.0.x | :x: | | ||
| | 4.0.x | :white_check_mark: | | ||
| | < 4.0 | :x: | |
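Review bot: the supported-version rows in this hunk (5.1.x supported, 5.0.x not, 4.0.x supported, < 4.0 not) are the stock template rows and describe a two-line LTS scheme that nothing in this PR shows the project follows; as written, a reader would conclude that a 4.0.x user receives security fixes while a 5.0.x user does not. Replace the rows with the branches or tags this repository actually patches (a single row such as `| main | :white_check_mark: |` is enough if only the latest release is supported), or state plainly that no released version is currently maintained.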
Replace template supported-version entries
The supported-version table appears to be copied from the default template (5.1.x, 5.0.x, 4.0.x) rather than this repository’s real release/support policy, which can mislead users about which code lines receive security fixes. A security policy should list actual maintained branches/tags (or explicitly state no maintained versions) to avoid false expectations.