diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9edc9a8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,34 @@ +# Security Policy + +## Supported Versions + +Only the latest release on Maven Central receives security updates. +Patch releases are cut as needed for vulnerabilities. + +| Version | Supported | +|---------|--------------------| +| 2.x | :white_check_mark: | +| < 2.0 | :x: | + +## Reporting a Vulnerability + +We take security bugs seriously. If you discover a vulnerability in JToon, +please report it privately before disclosing it publicly. + +**How to report:** + +1. Open a security advisory at: + +2. Alternatively, email the maintainers via the contact information on + the [GitHub profile](https://github.com/toon-format). + +You should receive a response within very soon. If you don't, please +follow up to ensure your message was received. + +**What to include:** + +- A clear description of the vulnerability +- Steps to reproduce (PoC preferred) +- Affected versions +- Potential impact +- Any suggested fix (if available)
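Review bot: Step 1 under "How to report" ends at "Open a security advisory at:" with nothing after the colon, so the primary private reporting channel has no destination. Add the repository's advisory link there, or drop the step and make the maintainer contact the only channel. In the same section, "You should receive a response within very soon" is ungrammatical and commits to nothing. State a concrete acknowledgement window so a reporter knows when to follow up. Under "Supported Versions", the prose says only the latest release on Maven Central receives security updates, while the table marks all of 2.x as supported. Say whether fixes land only in the newest 2.x release or are backported across the 2.x line.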