From 1ab1477fe0435dd12a442c0254b7921cbb9f8a85 Mon Sep 17 00:00:00 2001 From: Stephen Colebourne Date: Mon, 15 Apr 2024 13:50:30 +0100 Subject: [PATCH] Add website page about security/CVEs --- src/site/markdown/index.md | 1 + src/site/markdown/security.md | 26 ++++++++++++++++++++++++++ src/site/site.xml | 1 + 3 files changed, 28 insertions(+) create mode 100644 src/site/markdown/security.md diff --git a/src/site/markdown/index.md b/src/site/markdown/index.md index 81e9853b8..a3668a8cd 100644 --- a/src/site/markdown/index.md +++ b/src/site/markdown/index.md @@ -32,6 +32,7 @@ Various documentation is available: * The [Javadoc](apidocs/index.html) * The list of [FAQ](faq.html)s. * The [change notes](changes-report.html) for each release +* The [security](security.html) issues page * The [GitHub](https://github.com/JodaOrg/joda-time) source repository diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md new file mode 100644 index 000000000..d637923eb --- /dev/null +++ b/src/site/markdown/security.md @@ -0,0 +1,26 @@ +## Joda-Time Security + +### Security Policy + +#### Supported Versions + +If a security issue occurs, only the latest version is guaranteed to be patched. + +#### Reporting a Vulnerability + +To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). +Tidelift will coordinate the fix and disclosure. + + +### CVEs + +#### [CVE-2024-23080](https://nvd.nist.gov/vuln/detail/CVE-2024-23080) + +This was raised publicly on 2024-04-10. +There was no prior warning or private disclosure. + +The CVE is nonsense. It was raised by an AI-driven bot. +The CVE describes that a `NullPointerException` is thrown when `null` is passed into a method. +As any Java developer knows, this is perfectly normal and not a security issue or CVE. + +Users of Joda-Time do not need to take any action as the CVE is invalid. diff --git a/src/site/site.xml b/src/site/site.xml index 001b0c6cd..8b7679d10 100644 
--- a/src/site/site.xml +++ b/src/site/site.xml @@ -130,6 +130,7 @@ +
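Review bot: the new index.md entry `+* The [security](security.html) issues page` labels the link as an "issues page", but the page it points to is headed "Joda-Time Security" and is mostly policy (supported versions, how to report a vulnerability) with a single CVE note; a label such as "The [security](security.html) policy and CVE page" would describe the target more accurately.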
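Review bot: the CVE-2024-23080 section of security.md asserts that the CVE is invalid but records no evidence and no dispute status, which is exactly what downstream users whose dependency scanners flag this CVE will need in order to justify suppressing the finding. `+This was raised publicly on 2024-04-10.` gives no link to where it was raised, `+The CVE describes that a `NullPointerException` is thrown when `null` is passed into a method.` does not name the method, and `+Users of Joda-Time do not need to take any action as the CVE is invalid.` would carry more weight with a line stating whether a dispute has been filed with the CNA so the NVD entry can be marked as disputed. Under "Supported Versions", consider naming which release line counts as "the latest version", since users of older lines need to know they are out of scope. Minor: there are two blank lines before `+### CVEs` where the rest of the page uses one.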
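Review bot: the added site.xml menu line is not visible in this extract (the hunk ends in a bare `+`), so the href and label of the new menu item cannot be checked against the `security.html` link added in index.md; please confirm the two agree and that the menu label matches the page heading.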