Add SECURITY.md to show committed PHP versions (DOMjudge#1447)

* Add info on how to report a vulnerability Co-authored-by: Thijs Kinkhorst <[email protected]>
vmcj · Feb 17, 2022 · ed14ef6 · ed14ef6
1 parent c4ed312
commit ed14ef6
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -1 +1,2 @@
 .git* export-ignore
+SECURITY.md export-ignore
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,22 @@
+# Security Policy
+
+## Supported Versions
+
+| DOMjudge Version | Supported          | PHP version supported |
+| ---------------- | ------------------ | --------------------- |
+| 8.x.x            | :warning:          | 7.4-8.1               |
+| 8.0.x            | :white_check_mark: | 7.2-8.0               |
+| 7.3.x            | :white_check_mark: | 7.2-7.4               |
+| < 7.3            | :x:                | :x:                   |
+
+## Reporting a Vulnerability
+
+If you want to report a vulnerability, please do not use the issue tracker
+or pull request, but instead contact [email protected] so we can assess
+the issue and publish a fix when making it public.
+
+Please mention the affected DOMjudge version and details of the vulnerability
+and how to reproduce it. We promise to publicly disclose the reported
+vulnerability, with the appropriate credit if desired, when we've agreed
+on a proper way to solve it. We try to keep you updated at least once a
+month in case of more complex vulnerabilities.