From 343bfce668de0e2e84f4f82b97a3caf64df7eda0 Mon Sep 17 00:00:00 2001 From: Konsti Wohlwend Date: Thu, 8 Aug 2024 19:03:04 -0700 Subject: [PATCH] Create SECURITY.md --- .github/SECURITY.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 000000000..d4a2dc16c --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Supported Versions + +Only the latest versions of Stack's server and client packages are supported. We do not provide security updates for older versions. + +## Reporting a Vulnerability + +Stack Auth practices [responsible disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure). + +Please disclose security vulnerabilities responsibly by emailing us at responsible-disclosure@stack-auth.com. In this case: + +- We will get back to you within 96 hours. +- We will aim to get a fix released within 30 days, and disclose the issue, crediting you. +- If we are unable to fix the issue within 90 days, we will disclose the issue publicly. + +Please do not create GitHub issues with security vulnerabilities; instead, email us directly at the address above.
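Review bot: In the "Reporting a Vulnerability" bullets, the deadlines "within 96 hours", "within 30 days" and "within 90 days" do not say when the clock starts. State whether each is counted from receipt of the report or from the acknowledgement, and replace "In this case:" with something explicit such as "When you report by email:". In "Supported Versions", "Only the latest versions of Stack's server and client packages are supported" leaves "latest" undefined. Say what it means, for example the most recent published release of each package, so a reporter can tell whether the version they tested is in scope. The policy also gives plain email as the only channel. Since reports can carry sensitive details, consider documenting a confidential option such as a PGP key or GitHub's private vulnerability reporting, and list what a report should include (affected package and version, reproduction steps, impact).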