Create SECURITY.md

GrinZero · web-flow · commit 7abb2977d8df · 2025-08-08T14:28:13.000+08:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,53 @@
+# Security Policy
+
+## Supported Versions
+
+The table below indicates which versions of this project are currently supported with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.x   | :white_check_mark: |
+| < 1.0   | :x:                |
+
+We recommend all users to upgrade to the latest stable version to benefit from ongoing security patches and improvements.
+
+## Reporting a Vulnerability
+
+📬 How to Report
+Please do not create a public GitHub issue for security-related matters. Instead, send an email to:
+
+bugyaluwang@qq.com
+(replace with your actual security contact email)
+
+Alternatively, you may use GitHub's private security advisory system if your project is hosted on GitHub.
+
+🔒 What to Include
+When reporting a vulnerability, please provide the following information (if possible):
+
+- A clear description of the vulnerability
+
+- Steps to reproduce or proof of concept (PoC)
+
+- The potential impact or affected areas
+
+- Any suggested fixes (optional)
+
+⏱ Response Timeline
+You can expect a response within 72 hours of submitting your report. Once the issue is verified:
+
+- We will notify you of the status and our planned resolution timeline.
+
+- A fix will be prepared and applied to supported versions.
+
+- We may coordinate with you to disclose the vulnerability once a fix is available (optional and with consent).
+
+✅ After Resolution
+Once a fix is released, we will:
+
+- Publish a changelog or security advisory
+
+- Credit reporters if desired (with permission)
+
+- Encourage all users to update their dependencies
+
+We appreciate your efforts to help improve the security of this project!
