Create SECURITY.md

SECURITY.md

@@ -0,0 +1,27 @@
+# Security Policy
+
+Your security is very important to us. We believe in the benefits of open source and also in strong security; this document provides guidelines for how to report and handle vulnerabilities.
+
+## Supported Versions
+
+We provide security updates only for the most recent version of our project, and the prior major release. Older releases are not supported with security updates. Please ensure you're using one of the supported version ranges to receive security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please refrain from creating a public issue on GitHub. Instead, please create a **new issue** and use the **label "security"** to tag it. This gives us a chance to fix the issue and create an official release prior to the issue becoming public.
+
+When reporting a vulnerability, please provide the following information:
+
+- Detailed description of the vulnerability
+- Steps to reproduce the issue
+- Any known impact
+- Any possible solutions or mitigations
+
+We will review the issue in the most timely manner possible and strive to communicate regularly about the status of the vulnerability, such as whether it's accepted, fixed, or declined.
+
+## Policy on disclosed vulnerabilities
+
+When a reported vulnerability has been addressed, we will create a security patch release and add a post to our website detailing the issue and the solution, without exposing sensitive information or any details that could lead to exploitation of the vulnerability.