From 6ad4eb3be7a1c60af726449c98b510097fa002c1 Mon Sep 17 00:00:00 2001
From: Dennis Schubert <mail@dennis-schubert.de>
Date: Tue, 26 Apr 2022 20:48:57 +0200
Subject: [PATCH] Add dedicated SECURITY.md.

Closes #8348
---
 README.md   | 2 +-
 SECURITY.md | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 SECURITY.md

diff --git a/README.md b/README.md
index ca52287a2b2..58becd6d41d 100644
--- a/README.md
+++ b/README.md
@@ -28,4 +28,4 @@ Everyone interacting in diaspora’s codebases, issue trackers, chat rooms, the
 
 ## Security
 
-Found a security issue? Please disclose it responsibly. We have a team of developers listening to [security@diasporafoundation.org](mailto:security@diasporafoundation.org). The PGP fingerprint is [AB0D AB02 0FC5 D398 03AB 3CE1 6F70 243F 27AD 886A](https://pgp.mit.edu/pks/lookup?op=get&search=0x6F70243F27AD886A).
+See [`SECURITY.md`](/SECURITY.md) for instructions on how to responsibly report a security vulnerability.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..adee61f78a3
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+We support the latest stable release, as well as the current state of the `next-minor` and `develop` branches. Security issues for older releases are out of scope.
+
+## Reporting a Vulnerability
+
+Found a security issue? Please disclose it responsibly. We have a team of developers listening to [security@diasporafoundation.org](mailto:security@diasporafoundation.org). The PGP fingerprint is [AB0D AB02 0FC5 D398 03AB 3CE1 6F70 243F 27AD 886A](https://pgp.mit.edu/pks/lookup?op=get&search=0x6F70243F27AD886A).