Create SECURITY.md

[Wbaker7702]

Summary by CodeRabbit

• Documentation
  • Added a new security policy document outlining supported versions and their current status across release lines, along with procedures for reporting vulnerabilities and expected response timelines.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

A new SECURITY.md file is introduced containing security policy documentation. The file includes a table of supported versions with their statuses and a section with guidance for reporting vulnerabilities and expected handling timelines.

Changes

Cohort / File(s)	Summary
Security Policy Documentation SECURITY.md	New file: Defines supported versions (5.1.x, 5.0.x, 4.0.x, < 4.0) with status indicators and outlines vulnerability reporting procedures with expected response timelines

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A vault of wisdom, shiny and bright,
Where security policies now take flight,
With versions listed, vulnerabilities heard,
This document's the safest we've ever purred! 🛡️

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Create SECURITY.md' directly and clearly describes the main change—introducing a new security policy file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@SECURITY.md`:
- Around line 17-21: Replace the placeholder text in SECURITY.md with a concrete
vulnerability reporting procedure: specify the exact contact method (e.g.,
security@your-company.com, a security portal URL, or GitHub Security Advisories)
and any PGP/key for encrypted reports, state an expected response timeline
(e.g., "acknowledge within 48 hours, update every 7 days"), define the
disclosure policy and timeline for coordinated disclosure, describe what
reporters should include (impact, reproduction steps, affected versions), and
outline the process for accepted vs. declined reports (triage, remediation
timeline, public disclosure), and mention use of GitHub's private vulnerability
reporting if enabled.
- Around line 5-6: Replace the placeholder template lines in SECURITY.md with a
concrete security policy: remove the GitHub instruction text and add the
supported release versions (e.g., list of maintained versions or branches), the
timeframe for security support per version, a clear vulnerability reporting
process (contact email or security form and expected response SLA), instructions
for submitting CVE/patches and disclosure policy, and any relevant links or
references; ensure the file contains no template wording and explicitly names
the versions covered and the contact/mechanism for reporting security issues.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 33e0d2a and 474fabb.

📒 Files selected for processing (1)

• SECURITY.md

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}