From e3e2de117cbbb4f99bd20442dd975560b4078d56 Mon Sep 17 00:00:00 2001
From: Josep Llort Tella <jllort@openkm.com>
Date: Mon, 22 Sep 2025 09:30:21 +0200
Subject: [PATCH] Add security markdown file

fix #377
---
 SECURITY.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..b6d5ea7d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Reporting a Vulnerability
+If you discover a vulnerability in this project, **please do not open a public issue** on GitHub.
+
+Instead, use our contact form:
+🔗 [https://www.openkm.com/en/contact.html](https://www.openkm.com/en/contact.html)
+
+Clearly indicate that your message is about a vulnerability. Within **72 business hours**, we will contact you to request the detailed report.
+
+## Responsible Disclosure
+- Please do not publicly disclose the information until we have verified and fixed the issue.
+- We commit to keeping you informed of the progress.
+
+## CVE
+The OpenKM team **does not directly manage CVE requests**, but we are open to **collaborating with you** in the process so that you receive proper credit.
+
+## Acknowledgment
+We highly value and appreciate the community’s contributions to improving the security of OpenKM.